Browse by Topic
Rest easy, Ixquick is secure from Heartbleed SSL threat
Last modified on 07 July 2015 01:00 AM
"Heartbleed" is a security vulnerability in OpenSSL (Secure Socket Layer) encryption that permits eavesdropping on communications and access to sensitive data such as passwords. Heartbleed gives ready access to the memory of the encryption functions of vulnerable servers, allowing attackers to steal the private keys used to encrypt data transmissions.
Ixquick's vulnerability to this attack was limited, since we had implemented a more secure, upgraded form of SSL known as Perfect Forward Security (PFS) in July 2013. PFS is generally supported by most recent browser versions. Since PFS uses a different "per-session" encryption key for each data transfer, even if a site's private SSL key is compromised, past communications are protected from retroactive decryption.
Security is a moving target, and we work hard to stay ahead of the curve. Immediately after the Heartbleed security advisory, Ixquick's encryption modules were updated and encryption certificates were changed.
In independent evaluation, Ixquick outscores other search engines on encryption standards, earning an A+ rating. See Qualys' SSL Labs evaluation of Ixquick's encryption features here:
Ixquick/StartPage's PFS press release (July 2013): https://www.startpage.com/eng/press/pr-pfs.html
"Heartbleed" bug undoes Web encryption, reveals Yahoo passwords
Still haven't found the answer to your question? Click here to contact support.