Thursday, April 10, 2014

SMS-Magic : Heart is Not Bleeding Here!

Dear Customers,

We are glad to inform you that Our services are secure from HeartBleed bug. We would like to assure you that Screen-Magic is committed to provide its customers an interruption free and secure services. 

On Monday April 7th, the OpenSSL project released an update to address a serious  security vulnerability nicknamed "Heartbleed". This vulnerability impacts the encryption used for internet communications and could allow access to decrypted HTTPS traffic. Like many service providers, once Screen-Magic team became aware of Heartbleed, We moved quickly to address, and evaluate the impact of, this vulnerability. We know that you share our concern for security and privacy, so we want you to be aware of the specifics of Heartbleed vulnerability as it relates to SMS-Magic. Click Here to find more information.

Impacted services 

First and foremost, we have no evidence that the Heartbleed vulnerability was used to obtain any SMS-Magic data or to access SMS-Magic services. SMS-Magic's application servers were using affected versions of OpenSSL. Patches have been applied to all impacted servers, a process which was completed and confirmed by 1PM IST on April 10th 2014. Nevertheless as a precaution, we've replaced our private key and SSL certificate since it's plausible that SMS-Magic certificates could have been exposed.

What you should do

While there's no indication that SMS-Magic user data has been impacted, we strongly recommend that users update their SMS-Magic account passwords.

Many of our users have sites or applications hosted which store their SMS-Magic credentials or other sensitive data. So, we also recommend auditing all services you may use to determine if they are also vulnerable, taking steps to repair any vulnerable services, and replacing SSL certificates once the vulnerability has been removed.

Thanks for your Co-operation.

Sandip More
Co-Founder & CTO
Screen-Magic Mobile Media Pvt Ltd.