A groovy name but a threatening personality: such is the nature of a brand new bug found in OpenSSL, the open-source software package broadly used to encrypt Web communications. This bug allows attackers to steal information from your emails even if your site is SSL secured. All communication channels, including email, instant messengers (IM) and VPN, are vulnerable to this attack. This means that, once the data is stolen, attackers can use it to impersonate services, websites and users too.
This super serious vulnerability has the web in a fix, but thankfully the smart folks at Google have already dispatched a fix for this bug, and the really good news is that we have already adapted to the fix, so your website and data are totally secure now.
Here’s what you need to know about this threat and the measures we’ve taken to address it.
How does the Heartbleed bug work?
Any site that is secured using OpenSSL uses a public key and a private key to encrypt any data transferred to and from the site. This makes all data on a site encrypted and safe. The Heartbleed bug leaks the private key itself, so any data on your website becomes visible to the key holder, who can now decrypt it. This means that if, in a worst-case scenario, your private key was copied by someone, they can continue reading data even though we have fixed the bug on our end. What you need to do is get a re-issued SSL certificate from your current certificate provider.
Are you affected?
Given that OpenSSL is the most popular open-source cryptographic library and TLS (Transport Layer Security) implementation, loads of websites use it in some form or function. The good news, though, is that we’ve applied the fix and any data hosted with us is totally safe.
What have we done to fix it?
As soon as this threat was discovered, a few super awesome folks took it upon themselves to fix the problem. The fixed version of OpenSSL was thus made live and rightly called “Fixed OpenSSL” 🙂 (we never said they were creative, just super smart and super awesome). We’ve adapted to this newly Fixed OpenSSL, which makes all data hosted with us totally secure.
What’s next for you?
We have no evidence that suggests any of our issued keys were compromised, but as a security measure we’d recommend getting a re-issue of your SSL certificate. Do reach out to us if you’ve purchased your SSL certificate from us. If you’ve purchased it from some other vendor, get in touch with them to get a re-issue.
For all you techies who want the real scoop on this bug, here’s a link that will satisfy your tech appetite on this matter: http://heartbleed.com
As usual, feel free to reach out to us should you have any concerns regarding this.