Announcing HTTPS – secure file conversion for everyone

A nefarious spy. Probably from the government. Likely trying to crack your files.We’re pleased to announce that we just launched support across the entire Zamzar website for HTTPS for all users.

Effective immediately this means that the entire site is now secured with the familiar green padlock:

secure-https-zamzar.png

All files uploaded to or downloaded from the website will automatically be protected from prying eyes, enabling you to be safe in the knowledge that your file conversions are being protected by industry standard secure encryption.

In June 2013 Edward Snowden first revealed the full extent of government spying on their citizens via the Internet and the extent to which Internet connections were actively mined for data. HTTPS helps to protect against this snooping and gives you assurances that your data cannot be seen or tampered with. It does this by scrambling the data sent between your computer and the secured website into indecipherable characters, so that it is not possible to snoop on it.

Here at Zamzar we have long been supporters of efforts by the Electronic Frontier Foundation to fight for privacy protection online, and we’re proud to continue supporting the efforts being made to make the web a more secure place to be.

Happy secure converting!
The Zamzar Team.

Advertisements

Zamzar and Heartbleed

TL;DR: We’re happy to report that after auditing our services Zamzar has not been affected by the Heartbleed vulnerability. Read on for more info …

heartbleedTwo days ago on 7th April 2014 a major security vulnerability – CVE-2014-0160 (nicknamed “Heartbleed”) was announced.

This bug has the potential to affect any site which runs “secure” HTTPS traffic (usually identified by the little padlock you see in your web browser).

Current estimates put the number of affected sites at half a million, with renowned security expert Bruce Schneier calling it “Catastrophic” … On the scale of 1 to 10, this is an 11.

Our response

 
We run HTTPS services here at Zamzar for our business customers, as part of our efforts to keep your files and data secure, and were naturally concerned when we heard about this issue. We’re happy to report that after auditing our services Zamzar has not been affected by the Heartbleed vulnerability – We do run the software which can be affected (OpenSSL), but the version we run – 0.9.8 – does not have this bug.

We take our responsibilities to customers very seriously, which is why we conducted a full audit of our services on the same day that this bug was announced, on the 7th April 2014.

Other sites

 
If you use other services and software, please be aware that they could still be vulnerable to this issue – you can check whether they are by using a number of tools to test for the Heartbleed vulnerability (although, please make sure you have permission first):

Given the severity of this problem – passwords can be stolen, sessions hijacked, traffic and files spied upon – you should be asking the other websites you use what they are doing to fix the problem.

Patching your own sites

 
If you run your own web servers for customers you should check to make sure they are not vulnerable – If they are you should upgrade to a fixed version of OpenSSL as soon as possible by using your operating system’s package manager (e.g apt, yum or up2date) or by downloading and installing the latest release from OpenSSL.

Conclusions

 
We take the security of your data very seriously here at Zamzar, and will work hard to protect it on your behalf. If you have any questions or concerns about this or any other issue please do shoot us an email at info@zamzar.com.

Thanks,
The Zamzar Team.