Hopefully you will have heard about Heartbleed, it’s been widely reported on various media over the last couple of days. In summary Heartbleed enables criminals to steal all sorts of data held and accessed through an encrypted channel called SSL, represented by a website address that starts in https. Specifically Heartbleed exploits a serious vulnerability in the popular OpenSSL cryptographic software library.
Heartbleed and WebMe Hosting
All WebMe infrastructure and shared web hosting servers were patched on Tuesday morning as soon as the vulnerability was announced; we are in the process of revoking and reissuing our own SSL certificates.
We are currently setting up a bulk reissue process, once in place we will automatically reissue and install all shared web hosting certificates; shared hosting customers do not need to do anything.
Customers with WebMe issued SSL certificates will be contacted either by ourselves or our Certificate Authority in due course and at this point you will be able to request a certificate revoke and reissue from us.
Customers with independently sourced SSL certificates should consider requesting a revoke and reissue from their certificate vendor and may be directly contacted by their Certificate Authority in due course.
What to do next?
It is advisable to change passwords, especially if you are in the habit of using the same password on more than one website. If a compromised site was accessed and important security information obtained then you will be at risk.
Where do I find more information?
Visit heartbleed.com for information on the Heartbleed Bug itself.
There are a few online tools to check if a website is currently vulnerable: