All posts by Mark Tolmacs

Ustream security update on “Heartbleed”

Posted on by

On Monday, April 7th, 2014 a security vulnerability was disclosed in a software library called OpenSSL. Ustream, along with most of today’s major Internet services, relies on OpenSSL to encrypt and secure web traffic and private customer data. This vulnerability (identified as CVE-2014-0160; also known as Heartbleed) allows an attacker to remotely access the memory contents of servers running a vulnerable version of OpenSSL and potentially access sensitive data, including security keys, usernames and passwords.

The name “Heartbleed” comes from the particular section of the OpenSSL codebase affected by this bug, the Transport Layer Security “heartbeat” implementation. The piece of code responsible for the “heartbeat” section of the protocol leaks (or bleeds) memory to the network when an attacker sends a carefully crafted network package. Continue reading

Investigating reports of a malware notice on Ustream

Posted on by

We have become aware that some of our users have been shown a malware report regarding insecure content on Ustream.  This report is due to a malicious attack on our site.  We are confident that there is no malware and your user information is secure.  We are investigating the incident, and we ask our users to be patient as we fix this problem.

 

UPDATE: We were able to identify a 3rd party ad provider as the cause of the malware report. We removed the faulty provider and the malware team at Google confirmed the change. Soon the notice will be withdrawn and your experience should return back to normal. Once again, thank you for your patience!

UPDATE: We are happy to report that the malware report has been pulled back and Ustream should be accessible without any further disruption. Thanks for your support!