Fund Manager
PORTFOLIO MANAGEMENT SOFTWARE
Contact Us

Heartbleed

General questions about using Fund Manager that do not fit into any other forum.

Postby fez » Fri Apr 25, 2014 1:08 pm

Hi,

Can you indicate whether fund manager uses OpenSSL, and if so, whether it has used the version affected by Heartbleed? I've stopped downloading transactions from my brokerage to fundmanager because I'm not sure about the security of the connection. Thanks for your help.

Regards,
Stephanie
fez
 
Posts: 10
Joined: Wed Oct 07, 2009 8:55 am

Postby Mark » Fri Apr 25, 2014 3:02 pm

Hi Stephanie,

Good question. No, Fund Manager does not use OpenSSL when doing any of the online transaction/position retrieval from your broker. Fund Manager uses a component of IE from Microsoft called wininet that handles this, and that does not use OpenSSL, and does not have the Heartbleed bug. However, this is only the Fund Manager end of the connection. It may be possible for your broker's OFX server to be using OpenSSL. You may want to check with whatever broker or mutual fund company you're retrieving from to have them clarify that their OFX server is not running with an affected version of OpenSSL. If they are using an affected version, not retrieving with Fund Manager is not going to help. An affected server can be compromised without you doing anything. So, you might as well continue retrieving, as just retrieving does not expose any of your information. If their server is affected, it can be compromised whether you retrieve or not. Hopefully they have fixed any affected servers.

On a related note, Fund Manager does use OpenSSL when sending email alerts to an SMTP server that uses SSL. The version of OpenSSL used by Fund Manager is 0.9.8g and was not affected by the Heartbleed bug.

Also, our online ordering system uses a secure HTTPS connection, and this server is running OpenSSL, but is also using 0.9.8g, so it is not (nor was it ever) affected by the Heartbleed bug.
Thanks,
Mark
Fund Manager - Portfolio Management Software
Mark
Site Admin
 
Posts: 11253
Joined: Thu Oct 25, 2007 2:24 pm
Location: Chandler, AZ


Return to General

Who is online

Users browsing this forum: No registered users and 14 guests

FundManagerSoftware.com | Search | Site Map | About Us | Privacy Policy
Copyright © 1993-2024 Beiley Software, Inc. All rights reserved.