This past Monday (04/07/2014), a team of security engineers at Codenomicon and Neel Mehta of Google Security reported a vulnerability affecting secure connections that use SSL/TLS for encryption. The vulnerability is present in specific versions of the OpenSSL library and is called the Heartbleed bug. The Web Hosting Hub systems team has already taken immediate steps to patch the vulnerability on all affected servers (as of April 7, 2014).
What is OpenSSL?
OpenSSL is an open-source library that provides an implementation of the SSL and TLS protocols. It is the core library that allows SSL certificates to be used to create a secure link between entities such as a web server and a client computer. (For more info, see the OpenSSL FAQ.)
What does the Heartbleed bug affect?
The Heartbleed bug creates a hole in SSL security that allows an attacker to read information stored in memory. This includes information such as usernames, passwords, SSL keys, emails, and other critical information that would normally not be accessible because of the SSL encryption.
Am I vulnerable?
OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to attack. You are vulnerable if you are currently running one of those versions of OpenSSL. Most Web Hosting Hub servers were not affected because the version of OpenSSL loaded on the server was not one of the versions affected by the vulnerability. Steps have already been taken to ensure that all Web Hosting Hub servers are protected from the Heartbleed bug.
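A quick way to check a host against the version range above, as an added example (not Web Hosting Hub's or the OpenSSL project's own tooling). The function name `heartbleed_status` and the sample version strings are constructed for illustration; distribution packages can carry the fix without changing the version string, so treat an `in-range` result as a prompt to confirm the installed package's changelog.

```sh
#!/bin/sh
# Added example: classify an OpenSSL version string against the range the
# page lists as vulnerable (1.0.1 through 1.0.1f). Names are illustrative.

# Usage: heartbleed_status "<first line of 'openssl version' output>"
# Prints: in-range | out-of-range | unknown
heartbleed_status() {
    # First line only; take field 2 of "OpenSSL 1.0.1e 11 Feb 2013",
    # or field 1 when a bare version such as "1.0.1f" is passed.
    ver=$(printf '%s\n' "$1" |
          awk 'NR == 1 { if ($1 == "OpenSSL") print $2; else print $1 }')

    # Pre-release builds are not covered by the page's range: do not guess.
    case "$ver" in
        *-beta*|*-dev*|*-pre*) echo "unknown"; return 0 ;;
    esac

    # Drop build suffixes such as "-fips" before comparing.
    ver=${ver%%-*}

    case "$ver" in
        1.0.1|1.0.1[abcdef])   echo "in-range" ;;      # 1.0.1 .. 1.0.1f
        [0-9]*.[0-9]*.[0-9]*)  echo "out-of-range" ;;  # e.g. 0.9.8y, 1.0.1g
        *)                     echo "unknown" ;;       # not an OpenSSL version
    esac
}

# Constructed sample strings (not captured from real hosts).
for sample in \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013"
do
    printf '%-36s %s\n' "$sample" "$(heartbleed_status "$sample")"
done

# Check the local binary when one is installed.
if command -v openssl >/dev/null 2>&1; then
    local_ver=$(openssl version 2>/dev/null || true)
    printf '%-36s %s\n' "local: $local_ver" "$(heartbleed_status "$local_ver")"
fi
```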
How do I protect myself from the Heartbleed bug?
If you are a Web Hosting Hub customer, the systems team has already taken immediate steps to patch the server that houses your account so that it cannot be exploited. If you do not have an account with Web Hosting Hub, you can still take action to resolve the problem. To fix the issue, simply upgrade OpenSSL to the newest version available. Most Linux distributions such as CentOS and Debian have already pushed the update to their repositories.
How has Heartbleed affected my account?
Unfortunately, because of how the Heartbleed bug works, there is no way to know if you have been attacked. We highly recommend that you update your SSL keys and passwords for all of your online accounts. This includes social media accounts like Facebook or Twitter, email accounts, bank accounts, and any online account that may hold your private information.