HEARTBLEED OPENSSL SECURITY ISSUE

Many of you may have heard about the recent OpenSSL security issue dubbed “The Heartbleed Bug.” OpenSSL is the open-source library that handles a lot of backend cryptographic functions on our systems, with SSL website traffic being a key usage area for our company. This bug could allow an attacker to retrieve some stored memory from the server and possibly gain access to the private key for that SSL certificate. If the private key for an SSL certificate is revealed, the attacker could then use that to decrypt future website traffic through a man-in-the-middle attack Other private information in memory could also be revealed, like user names or passwords, that should not be made public.

This is a very serious bug as it affects a key piece of security on the Internet that we trust every day to protect private transactions with our our banks, our on-line shopping, and logging in to your web-hosting account at SnapBlox. Luckily, most of our servers are not affected by this vulnerability because this bug only affects a specific set of OpenSSL versions that we do not use on the vast majority of our servers. For all of our other servers that are affected, we are updating the OpenSSL release and any related software and then reissuing any SSL certificates on those servers, just as a precaution. http://filippo.io/Heartbleed/#snapblox.com. But if you are on any SnapBlox web hosting plan (including reseller, shared, cloud, VPS) then your website is already safe.

If you have any questions, please post in the comments or open a support ticket. Again thanks for your continued business and support!

Posted in security-advice

About michael earls

View all posts by michael earls →