
Heartbleed – Our Stance and Advice


Hopefully you will have heard about Heartbleed; it has been widely reported in the media over the last couple of days. In summary, Heartbleed enables criminals to steal all sorts of data held and accessed through an encrypted channel called SSL, which you will recognise from a website address that starts with https. Specifically, Heartbleed exploits a serious vulnerability in the popular OpenSSL cryptographic software library.

Heartbleed and WebMe Hosting

All WebMe infrastructure and shared web hosting servers were patched on Tuesday morning as soon as the vulnerability was announced; we are in the process of revoking and reissuing our own SSL certificates.

We are currently setting up a bulk reissue process; once it is in place, we will automatically reissue and install all shared web hosting certificates. Shared hosting customers do not need to do anything.

Customers with WebMe-issued SSL certificates will be contacted either by us or by our Certificate Authority in due course, at which point you will be able to request a certificate revocation and reissue from us.

Customers with independently sourced SSL certificates should consider requesting a revocation and reissue from their certificate vendor, and may be contacted directly by their Certificate Authority in due course.

What to do next?

It is advisable to change passwords, especially if you are in the habit of using the same password on more than one website. If a compromised site was accessed and important security information was obtained, then you will be at risk.

Where do I find more information?

Visit heartbleed.com for information on the Heartbleed Bug itself.

There are a few online tools to check if a website is currently vulnerable:


3 Responses to Heartbleed – Our Stance and Advice

  1. WebMe says:

    The BBC have a nice article on what you need to know about the Heartbleed bug here: http://w.me.uk/1sFJzY2

  2. WebMe says:

    This article has a high level list of common websites and whether they were vulnerable: http://w.me.uk/1k9ZOZg.
    In summary the following popular sites were vulnerable:
    Facebook
    Google/Gmail
    If This Then That
    Tumblr
    Yahoo/Yahoo Mail

  3. WebMe says:

    A new story has cropped up today stating that it may be illegal to run security checks against a site unless you have permission from the site owner to do so. Here’s a link to a Register article with more information: http://w.me.uk/PX8t6x
