Dear Members,
as you are probably aware, yesterday a critical bug in OpenSSL was disclosed which would allow attackers to read encrypted traffic. This affects Perfect Privacy as follows:
– Our webserver and the gigabit OpenVPN servers were affected by the Heartbleed bug. All other other VPN servers used a version of OpenSSL that is not affected by this bug.
– Perfect Privacy supports Perfect Forward Secrecy (PFS) so that even if keys had been stolen, a decryption of the traffic retroactively is not possible based on current knowledge.
– All servers were immediately updated after the bug was disclosed.
– Despite the small probability that keys might have been stolen, we will exchange the OpenVPN keys for all 1000Mbps servers. This requires an update of your client configuration. This exchange will happen during the next couple of hours.
We apologize now to all members reading this text too late and whose VPN connections were dropped.
– We will exchange the certificates for *.perfect-privacy.com and securemail.biz. This will happen as soon as possible, most Certification Authorities are currently organizing a free and quick exchange.
Your Perfect Privacy Team