Your Data is Secure with Scoutbook

Close

Your Data is Secure with Scoutbook

Published: Apr 14, 2014
Share this blog post with your friends!
View 8 Comments

Scoutbook was NOT affected

Scoutbook is aware of the recent security threat named "Heartbleed" which was discovered in the OpenSSL software found on most Apache and nginx servers.  

Potentially 66% of all websites on the internet were affected by this bug.

We are pleased to inform you that Scoutbook was not infected.  Scoutbook does not use OpenSSL software and at no time was your information ever compromised.


What is the Heartbleed Bug?

"The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users."
- Heartbleed.com

More information can be found at Heartbleed.com

 

How secure is Scoutbook?

We take security very seriously.  That is why every page of Scoutbook is 100% encrypted and secure.

Please reference our FAQ Forum to learn more about our security practices, server infrastructure and our children COPPA compliance.

FAQ Forum  » How secure is Scoutbook? How do you protect the children's information?

 

  • Comments (8)
  • Indian Waters Council Image
    11 years ago
    Brooks Prevette
    Thanks ScoutBook!!!
    Pending Approval
  • Crossroads Of America Image
    Committee Member
    Trained Strip
    11 years ago
    Larry Stockton
    thanks for the update and validation. Can you confirm that with the latest OpenSSL findings is this still the case?
    Pending Approval
  • 11 years ago
    Scout Book
    We confirm that we do not use OpenSSL in any of our processes. Thanks!
    Pending Approval
  • National Capital Area Council Image
    11 years ago
    Scott Reid
    In the post entitled "How secure is ScoutBook?" it says the encryption is SHA-256, 128-bit encryption. Is this correct? (Wouldn't it be 256-bit encryption?)
    Pending Approval
  • 11 years ago
    Scout Book
    Hi Scott. Here is a description that explains why we define it as 128 bit.

    "SHA-256, described in Chapter 2 of this paper, is a 256-bit hash and is meant to provide 128 bits of security against collision attacks. SHA-512, in Chapter 3, is a 512-bit hash, and is meant to provide 256 bits of security against collision attacks"
    Source: http://csrc.nist.gov/ Descriptions of SHA-256, SHA-384, and SHA-512
    updated 11 years ago
    Pending Approval
  • National Capital Area Council Image
    11 years ago
    Scott Reid
    Thank you. Was seeking to compare to TroopMaster.net.
    Pending Approval
  • Quapaw Area Council Image
    10 years ago
    Ethan F.
    Yikes. It was a pretty good thing this website was not affected by that bug.
    Pending Approval
  • Monmouth Council, BSA Image
    Chartered Organization Rep.
    10 years ago
    Jim Hartz
    I must say, I'm pretty impressed with the configuration of the TLS for Scoutbook. Much better than I would have expected. I would love to see them remove the RC4 ciphers from their server configs. They have been proven weak and broken trivialy.
    Pending Approval
Close

Delete Comment?

Are you sure you want to delete your comment?

This action cannot be undone.

Cancel
Delete