
Support Board


Date/Time: Fri, 29 Mar 2024 15:36:07 +0000



[Locked] - Notice : Sierra Chart and the Heartbleed bug


[2014-04-12 08:41:19]
Sierra Chart Engineering - Posts: 104368
Some of you may have heard about the Heartbleed bug. Whether any hackers have actually taken advantage of this to steal protected information on the Internet is not known.

While this is a serious bug, it does not seem as though it was something that was being commonly exploited, if at all.

This is a short summary: "The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software."

The Sierra Chart Web servers, which use Apache and SSL, have now been patched with the newest software, which solves the problem. This is really the only main vulnerability that existed.

Sierra Chart itself uses OpenSSL for CTS T4 market data and trading, Currenex market data and trading, LMAX market data and trading, OEC trading, and CQG market data. So OpenSSL is used on the client side. What this means is that for this bug to be exploited and be a risk, the server you are connecting to, such as a CTS T4 server, would have to have some malicious program designed to read the memory of your computer.

This would not make any sense. It is next to impossible that any of these businesses would be engaging in that, let alone even know about this particular bug. Developing trust is very important and they are also holding customer funds or managing them. So this would seem like an unlikely possibility.


Nevertheless, the OpenSSL that Sierra Chart uses is being updated to the one that corrects this problem.

We also tend to think that Sierra Chart is unique in this industry in directly employing OpenSSL, because we have a firm policy where we do not use in-process API components like other trading programs do.

So we favor direct socket connections using protocols like FIX and SSL. While our transition to this has been somewhat difficult recently because of the implementations of FIX with some services, this is what makes the connectivity, from an engineering perspective, much more of a solid and graceful connection.

Rithmic also uses OpenSSL in their API that is embedded into the Rithmic bridge. As has been explained above, we do not see this as a risk, but if they come out with a new version of it, we will update it.

As a side note, we are making an effort in this industry to establish a common communications protocol:
http://www.sierrachart.com/index.php?l=doc/doc_GeneralDataTradeServiceProtocol.php
Sierra Chart Support - Engineering Level

Date Time Of Last Edit: 2014-04-12 08:50:26
