Heartbleed Vulnerability Update

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows the theft of information that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

Services at TrevNet Media

We have been asked multiple times over the last week about our hosting infrastructure, your data, and our managed hosting servers. All of our affected servers have been updated and the security hole has been patched. Due to the nature of this security bug, it’s not possible for us (or anyone else affected) to tell you whether your passwords may have been compromised, since no data is logged. We can, however, assure you that all of our managed servers running OpenSSL have been updated since April 9th.

Heartbleed Explained

The problem affects a piece of software called OpenSSL, which is used for security on popular web servers. With OpenSSL, websites can provide encrypted information to visitors, so the data transferred (including usernames, passwords, and cookies) cannot be seen by others while it goes from your computer to the website.

Heartbleed exploits a built-in feature of OpenSSL called heartbeat. When your computer accesses a website, the website responds to let your computer know that it is active and listening for your requests: this is the heartbeat.

Check out this article to read more about how it works.

Source: http://xkcd.com/1354/
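To make the heartbeat exchange described above concrete, here is an added example (not TrevNet Media's or OpenSSL's own code) of a heartbeat responder that follows the RFC 6520 message layout and checks the sender's declared payload length against the bytes actually received, the kind of check the patched versions perform. The function name, constants and sample messages are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE  2   /* heartbeat_response message type */
#define HB_HEADER    3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD   16  /* minimum padding required by RFC 6520 */

/* Returns the reply length, or 0 when the request must be silently discarded.
 * rec_len is the size of the record actually received; the payload_length
 * field inside the message is chosen by the sender and is not trusted. */
size_t heartbeat_reply(const unsigned char *rec, size_t rec_len,
                       unsigned char *out, size_t out_cap)
{
    size_t payload_len, reply_len;

    if (rec_len < HB_HEADER + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;
    payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* Bounds check: header + declared payload + padding must fit in the
     * record. Without it, the copy below would read past the request. */
    if (HB_HEADER + payload_len + HB_MIN_PAD > rec_len)
        return 0;
    reply_len = HB_HEADER + payload_len + HB_MIN_PAD;
    if (reply_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, payload_len);
    /* Real stacks use random padding; zeros keep this example deterministic. */
    memset(out + HB_HEADER + payload_len, 0, HB_MIN_PAD);
    return reply_len;
}

int main(void)
{
    /* Constructed samples: 4-byte payload "ping" plus 16 bytes of padding. */
    unsigned char ok[23]  = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    unsigned char bad[23] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};
    unsigned char out[64];

    printf("honest length  -> %zu-byte reply\n", heartbeat_reply(ok, sizeof ok, out, sizeof out));
    printf("inflated length -> %zu (discarded)\n", heartbeat_reply(bad, sizeof bad, out, sizeof out));
    return 0;
}
```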

What you should do

If you want to be on the safe side, we would recommend that you reset your passwords on any accounts you have with our services where you connect with SSL. While we don’t know if any data was stolen while any of our systems were vulnerable, it’s a possibility.

Over 60% of the internet was affected by this bug; this includes many popular sites you most likely use, or have used. Check out this list to get up to date. It includes websites like Facebook, LinkedIn, Google, GoDaddy, Netflix, Hulu, and more.
