Print Article

'Heartbleed' & Development update

By Jack Basford
Last updated: Mon, 14 Apr 2014 11:09

'Heartbleed' bug

By now, you have probably heard of the 'Heartbleed' bug that has affected the security of hundreds of thousands of services across the Internet. This is a flaw in an open source security package called OpenSSL that is used to provide secure electronic communications. iGP also uses this to help protect your communication with us against eavesdroppers.

Our systems were patched within 24 hours of the announcement of the vulnerability (on the 7th) and the SSL certificate we use to protect your communication with our 'https://' URLs has been renewed. So, any new encrypted communication between us is no longer vulnerable to this exploit.  However, we cannot guarantee that information was not leaked in the past. As a result, it would be prudent to change your account password. You can do that here: https://igpmanager.com/play/?url=manager-settings/password.

This vulnerability was introduced globally over 2 years ago. However, our systems have only been susceptible to it since the 11th of November 2013 - when we launched a server infrastructure upgrade.

We do not have any indication that any data was actually compromised. We can also assure you that none of your payment details were at risk at any time, as we do not store these on our systems. Also, given that this vulnerability has been so widespread, and given the relatively low value of the information stored on our servers, the chances that iGP would have been a target for anyone is very small. For your peace of mind though, we recommend changing your passwords.

Tyre compounds update

In other news, we are making good progress on the tyre compounds update. When this update arrives iGP will have two new dry tyre compounds in addition to the two existing ones. The full range of dry tyres available will be: Super Soft, Soft, Medium and Hard. These compounds are now in testing on the beta and we will be looking to roll them out to the live site in the weeks ahead.

Host auto-kick function

Another feature that will arrive at the same time as the tyre compound update is an option for league hosts to have inactive managers automatically kicked from a league after a set number of weeks. The default will likely be set to 4 weeks, with the aim of removing all inactive managers from leagues over time. The inactivity period will be defined by their last login, as opposed to their last race. League hosts will have the option to set it to anything from 1-8 weeks manually, or disable the option entirely.