As reported in the mass media this week, a vulnerability in OpenSSL has been discovered and disclosed, which endangers the security of data transferred over an SSL/TLS encrypted connection on the Internet. The vulnerability - named the Heartbleed Bug- is a programming mistake affecting certain versions of OpenSSL. As many services use SSL, this is a significant vulnerability, because it means private information such as keys and passwords can be exposed, without the protection of encryption.
On Tuesday, before the vulnerability was reported in the mass media, we patched all of the affected servers on our network.
We are a managed hosting provider, therefore no action is required by our customers, except in the cases of dedicated/VPS clients who have opted out.
As we patched our servers so quickly in response to the vulnerability, and the majority of our servers were never affected, we do not believe it is necessary for further actions to be taken, such as reissuing SSL certificates. In regards to passwords, we always recommend that users change passwords on a regular basis, and we continue to advise doing so to safeguard your online security.
Friday, April 11, 2014
Powered by WHMCompleteSolution