News broke this week of one of the biggest security issues the world wide web has seen in the Heartbleed bug. Roughly two-thirds of all websites on the web have potentially been effected. The Heartbleed bug is a vulnerability in the OpenSSL cryptographic library on web servers.
We wanted to update you on this new threat and give you some tips on how you can avoid any potential issues. It is likely you will have received or will receive an email from some of the major websites that you have accounts with, generally with the advice to update your passwords.
The vulnerability can allow a hacker to to read blocks of 64K memory on servers and clients that connect using SSL through a flaw in the newer version of OpenSSL’s implementation of the heartbeat extension. Being able to read this memory attackers can
“get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.”
What you should do: If you host your website on our servers you are already protected at the server level, we have taken priority action before the bug was known about to the greater public. If you have a website that uses SSL security you should contact us if you have any concerns however we have requested that all SSL certificates used on our servers be re-issed as an additonal precautionary measure.
To ensure that your information is secured on websites you visit frequently you should follow the instructions provided the by the company which is tyically to update your passwords. Please note that until the fix has been applied updating your password will have no benefit – wait until you have been notified and then update your password.
So the bottom line here is to be aware but don’t be alarmed. Always take your security on the internet seriously and update your passwword on a regular basis. We all have many passwords these days and there are very effective password management tools available to help with generating safe and secure passwords. To learn more about how to protect your passwords you can read our blog post here.
If you have any further questions you can contact our support team here.