What is the Heartbleed bug?
This past Monday (04/07/2014) a team of security engineers with Codenomicon and Neel Mehta of Google Security reported the Heartbleed bug affecting secure connections using SSL/TLS for encryption. The vulnerability is present in specific versions of the OpenSSL library and is called the Heartbleed Bug. The Web Hosting Hub systems team has already taken immediate steps to patch the exploit on all affected servers (as of April 7, 2014).
What is OpenSSL?
OpenSSL is an open-source library that provides the implementation of SSL and TLS protocols. It is the core library that allows the operation of SSL certificates to create a secure link between entities such as a web server and a computer client. (For more info: OpenSSL FAQ).
What does the Heartbleed bug affect?
The Heartbleed bug provides a hole in the SSL security that would allow an attacker to read information stored in memory. This includes information such as usernames, passwords, SSL keys, emails, and other critical information that would normally not be accessible because of the SSL encryption.
Am I vulnerable?
OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to attack. You are vulnerable if you are currently running one of those versions of OpenSSL. Most of Web Hosting Hub servers were not affected because the version of OpenSSL loaded on the server was not the version affected by the exploit. Steps have already been taken to ensure that all Web Hosting Hub servers are protected from the Heartbleed bug.
How do I protect myself from the Heartbleed bug?
As a Web Hosting Hub customer, the systems team have already taken immediate steps to patch the server that houses your account so that it cannot be exploited. If you do not have an account with Web Hosting Hub, you can still action to resolve the problem. To fix the issue, simply upgrade OpenSSL to the newest version available. Most Linux distributions such as CentOS and Debian have already pushed the update to their repositories.
How has Heartbleed affected my account?
Unfortunately, because of how the Heartbleed bug works, there is no way to know if you have been attacked. We highly recommend that you update your SSL keys and passwords to for all of your online accounts. This includes social media accounts like Facebook or Twitter, email accounts, bank accounts and any online account that may hold your private information .
Did you find this article helpful?
Tweet
Comments
n/a Points
|
2014-04-16 5:31 pm
You should not change your password UNLESS you know that the bug has been fixed on the site that you are useing, otherwise you will just have to change your password again after the bug has been fixed. Also there is no point in chaning your password if the iste was not useing OpenSSL(i.e. Microsfot which uses there own verstion of SSL) |
Staff 12,339 Points
|
2014-04-16 5:54 pm
Hello Jaime,
It is true, thank you for your information. For anyone else who may see this comment: all of WebHosting Hub's affected servers have been patched/fixed already. The Heartbleed bug should not affect hotmail/outlook. For administrators using OpenSSL on a Windows server, Microsoft's forums provided a solution here. If you have any further questions, feel free to post them below. Thank you, -John-Paul |
Help Center Login
Related Questions
Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!