Heartbleed Bug - OpenSSL Vulnerability, Make sure you are secure now!

Post Published: 2014-11-04 03:57:43
Author: MySHH Website Design & Development.


A change from the lively activities here at MySHH and a tedious bit of information to start the day.

The Heartbleed bug (http://en.wikipedia.org/wiki/Heartbleed_bug) is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f.

This vulnerability, a flaw in OpenSSL’s implementation of the heartbeat extension, allows an attacker to read chunks of memory from servers and clients that connect using SSL.

OpenSSL provides critical functionality in the internet ecosystem, and therefore vulnerabilities, such as Heartbleed, have a significant impact on digital communications and their integrity.

What does this mean for MySHH Clients & Customers?

SSL is an important protocol for securing web traffic, and thus for securing web requests such as logins and order transactions. MySHH servers have already been updated and patched against this vulnerability, and we have made sure that no one can take advantage of this bug on our servers throughout the network.

Even though we have secured our servers, YOU still need to re-issue your SSL certificates.

We can only do half of the job required to secure your systems if you have purchased SSL via a 3rd party vendor. Due to the severity of this bug we are offering assistance with updating and reissuing your SSL certificates free of charge. If you require any assistance whatsoever, please contact us right away. MySHH will not be held liable for any clients that have not updated their certificates and that may suffer a “heartbleed attack”.

Not using MySHH Hosting? How do I check if my server is protected?

There are three ways you can verify if your server is protected:

  1. Open a support ticket with your hosting provider.
  2. Make use of a third party scanning tool via the web.
  3. You can run a scanning tool locally on your server. One such tool is:

What do I do if my server is not protected?

Contact your local system administrator or hosting provider immediately! They will have the technical expertise to update the OpenSSL libraries on your server to protect your SSL communications going forward.

If you are a system admin you may be unsure what to do. We suggest doing a full OS update; depending on your OS, a simple

yum update

should fix the problem. Then remember to restart all services that use SSL (MySQL, HTTP, etc.).

To test if your server is protected run:

# rpm -q --changelog openssl | grep -B 1 CVE-2014-0160
* Mon Apr 07 2014 Tomáš Mráz 1.0.1e-16.7
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
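
The update, restart and verify steps above can be checked together. The following is an added example, not part of the original post: it confirms the changelog entry and then lists processes that still map the pre-update libssl/libcrypto and therefore still need a restart. The function names and the --live flag are hypothetical, and it assumes an RPM-based Linux host where a replaced library shows up as "(deleted)" in /proc/PID/maps.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical.

# Succeeds if the RPM changelog text on stdin records the CVE-2014-0160 fix.
changelog_has_fix() {
    grep -q 'CVE-2014-0160'
}

# Prints the PID of every process under PROC_ROOT (default /proc) that still
# maps a libssl/libcrypto file deleted from disk, i.e. the pre-update library.
# Assumption: the package update unlinked the old file, so the kernel tags
# the mapping "(deleted)" in /proc/PID/maps.
stale_ssl_pids() {
    local root="${1:-/proc}" maps pid
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq 'lib(ssl|crypto)[^ ]*\.so[^ ]* \(deleted\)' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
    return 0
}

# Live check for an RPM-based host; run the script as root with --live.
live_check() {
    if rpm -q --changelog openssl | changelog_has_fix; then
        echo "openssl package: CVE-2014-0160 fix present in changelog"
    else
        echo "openssl package: fix NOT found, run 'yum update' first"
        return 1
    fi
    local pids
    pids="$(stale_ssl_pids /proc)"
    if [ -n "$pids" ]; then
        echo "Still running the old library, restart the services owning these PIDs:"
        echo "$pids" | tr '\n' ' '; echo
        return 2
    fi
    echo "No process maps a deleted libssl/libcrypto"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

A patched package alone is not enough: any daemon listed by stale_ssl_pids is still executing the vulnerable code until it is restarted.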

Do we need to reset our passwords and regenerate our private and public keys on the server?

Due to the nature of the vulnerability it is impossible to know what other information, including private keys, passwords, and session IDs, has been compromised. The attack occurs before a full connection to your server has been made, leaving no indications in any logs that an attack has occurred. It is recommended that you regenerate all SSH keys and reset all passwords across the server.

If you require any assistance whatsoever in this matter, please contact us right away. We have support staff dedicated to handling SSL issues at present.

How have MySHH servers and my account been affected by Heartbleed?

The MySHH website, our public servers, and the MySHH.net SSL certificate end point were not vulnerable to the Heartbleed bug when it was publicly disclosed on April 7th 2014.

Any secure communication with our servers, such as logging into the members area, would not be affected by any attacks following the public disclosure of the Heartbleed bug.

The Heartbleed bug has had a profound impact on the transmission of secure data throughout the Internet. It is for that reason that we are encouraging our customers to reset their member area passwords at their earliest convenience as a matter of common password maintenance. Please remember to always make your passwords unique, random, and periodically rotate them.
