Dealing with the latest security threats

There has been a lot of attention in the media recently following the OpenSSL Heartbleed vulnerability. While Safe4 was never affected by this problem we have recently reviewed our security settings covering the security of the connection between your computer and our servers.

The SSL protocol which is used to encrypt the communication between a client computer and a server when a site specifies HTTPS has evolved over the past years, with 5 recent versions – SSL2.0, SSL3.0, TLS1.0, TLS1.1 and TLS1.2. Obviously the newer protocols are more secure than the earlier ones.

At our last review we took the decision to disable the SSL2.0 and SSL3.0 protocols. It was originally thought that this would only impact users of IE6 on Windows XP (Safe4 does not see this combination in our user base) but it also appears to affect IE8 on Windows XP since Internet Explorer relies on the operating system to secure the communication.

Safe4 would recommend upgrading from Windows XP at the earliest opportunity.  However this may not be an immediately available option, in which case Safe4 would recommend the use of an alternative browser such as Google Chrome which supports these latest security protocols and will help to keep your information secure.

Importantly Microsoft has discontinued support for Windows XP as of 8th April 2014 – see http://www.microsoft.com/windows/en-gb/xp/end-of-xp-support.aspx. Critically this means that Microsoft will not be issuing any further security patches or software updates – which means your PC and the information on it may become vulnerable in the future.