This past Monday (04/07/2014) a team of security engineers with Codenomicon and Neel Mehta of Google Security reported the Heartbleed bug affecting secure connections using SSL/TLS for encryption. The vulnerability is present in specific versions of the OpenSSL library and is called the Heartbleed Bug. The Web Hosting Hub systems team has already taken immediate steps to patch the exploit on all affected servers (as of April 7, 2014).

What is OpenSSL? OpenSSL is an open-source library that provides the implementation of SSL and TLS protocols. It is the core library that allows the operation of SSL certificates to create a secure link between entities such as a web server and a computer client. (For more info: OpenSSL FAQ).

What does the Heartbleed bug affect?

The Heartbleed bug provides a hole in the SSL security that would allow an attacker to read information stored in memory. This includes information such as usernames, passwords, SSL keys, emails, and other critical information that would normally not be accessible because of the SSL encryption.

Am I vulnerable?

OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to attack. You are vulnerable if you are currently running one of those versions of OpenSSL. Most of Web Hosting Hub servers were not affected because the version of OpenSSL loaded on the server was not the version affected by the exploit. Steps have already been taken to ensure that all Web Hosting Hub servers are protected from the Heartbleed bug.

How do I protect myself from the Heartbleed bug?

As a Web Hosting Hub customer, the systems team have already taken immediate steps to patch the server that houses your account so that it cannot be exploited. If you do not have an account with Web Hosting Hub, you can still action to resolve the problem. To fix the issue, simply upgrade OpenSSL to the newest version available. Most Linux distributions such as CentOS and Debian have already pushed the update to their repositories.

How has Heartbleed affected my account?

Unfortunately, because of how the Heartbleed bug works, there is no way to know if you have been attacked. We highly recommend that you update your SSL keys and passwords to for all of your online accounts. This includes social media accounts like Facebook or Twitter, email accounts, bank accounts and any online account that may hold your private information .

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Comments

n/a Points
2014-04-16 5:31 pm

You should not change your password UNLESS you know that the bug has been fixed on the site that you are useing, otherwise you will just have to change your password again after the bug has been fixed. Also there is no point in chaning your password if the iste was not useing OpenSSL(i.e. Microsfot which uses there own verstion of SSL)

Staff
12,339 Points
2014-04-16 5:54 pm
Hello Jaime,

It is true, thank you for your information. For anyone else who may see this comment: all of WebHosting Hub's affected servers have been patched/fixed already.

The Heartbleed bug should not affect hotmail/outlook. For administrators using OpenSSL on a Windows server, Microsoft's forums provided a solution here.

If you have any further questions, feel free to post them below.
Thank you,

-John-Paul

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.
}