The Heartbleed bug and what you need to know


HeartbleedIn the last few days I am sure that you’ve heard about an Internet-wide security exploit called the Heartbleed bug. Security here at GreenGeeks is a top priority and we take it very seriously. Once learning about the exploit, technically referenced as CVE-2014-0160, we began to address it immediately.  We have created this article to help you understand a bit more about Heartbleed, how you can protect your information and what we’ve done to address it.

What is Heartbleed

The Heartbleed bug is a very serious security vulnerability in the popular OpenSSL cryptographic software library used to secure information traffic across much of the Internet. It was nicknamed “Heartbleed” because the vulnerability could leak/bleed information and was involved in the Heartbeat function of OpenSSL. The weakness allows hackers to steal information that is normally protected by the SSL/TLS encryption used to secure the Internet. SSL encrypts information sent over networks such as web, email, IM, etc. With the bug, names, passwords, and any sensitive information could be “sniffed” resulting in stolen data directly from any website.

What is being done about the Heartbleed Bug?

The vulnerability was identified, given a reference of CVE-2014-0160 and was patched by the team at OpenSSL. This patch was made publicly available to service providers across the world, including GreenGeeks. We have patched, tested and verified that all of our systems are secured with this latest patch from OpenSSL.

As mentioned before, we take security very seriously and is a top priority for us. Upon discovering the exploit, we began immediate action to secure our servers. We believe that the likelihood of exploit is very minimal. As always, we will continue to be vigilant to ensure the safety and security of our systems.

Has GreenGeeks replaced their SSL’s?

Yes, upon discovery our team has quickly patched and replaced all SSL’s on our network.

Is My Server Vulnerable?

Anyone relying on OpenSSL was vulnerable. Upon discovery of the exploit, we patched our entire network and are now protected from the vulnerability.

Will the SSL I purchased from GreenGeeks be Updated?

Yes, while the risk of exploitation is extremely low, as a pre-caution we are working with our SSL provider to re-issue all SSL certificates that were purchased directly through us. This process is being done automatically for you and there is no involvement required.

What if I purchased an SSL certificate from a third-party provider?

Re-issuing the certificate is a choice you’ll have to make. If you feel that it’s worth your time, then it’s a good idea to get your SSL reissued. The likelihood of your keys being exploited are very low. If you decide to go ahead with the change, then please contact your SSL provider. Once you’ve received your new private key, certificate and CA bundle, our team will be more than happy to help you install the certificate. Alternatively, you can simply buy a new SSL certificate through us where we will handle similar situations such as this for you.

Has any of my information been compromised?

Anyone relying on OpenSSL was vulnerable. Upon discovery, we immediately patched our system. The chance that your keys were exploited are very minimal due to the lack of public exploit at the time of disclosure. We recommend that you always change your password regularly and can do so through our Account Manager.

You can test to see if you’re vulnerable by using the HeartBleed Checker

You can learn more about the Heartbleed Bug at heartbleed.com.

 

We’re making your hosting experience even faster!

Faster Hosting Experience

GreenGeeks has always been at the forefront of providing the latest hosting technology and late last week an e-mail was sent out to customers announcing that every GreenGeek would be receiving a free upgrade that will boost performance and reliability.

So what exactly is being done?

1. Core CPU & Memory Upgrades.

We will be replacing older processors for newer, faster ones and increasing the available memory on all of our servers across all services. This means that our servers will be able to handle even more load and faster than ever before.

2. Introduction of SSD Accelerated Storage.

We will be implementing SSD Accelerated Storage, which makes use of Solid State drives on top of our already powerful and reliable RAID-10 storage array configuration. We’ve been able to decrease page load times by 50% and overall system load by over 150%.

3. Introduction of FastCGI PHP Processing.

Implementation of FastCGI on shared, reseller and premium servers will allow repeatedly accessed PHP scripts, such as WordPress, Joomla, Drupal to be stored and loaded from cache which greatly improves the speed of your website load times.

These upgrades are being made available to customers automatically. Over the next few weeks, as we progress from server to server, customers will receive a scheduled maintenance e-mail that will be required to make these upgrades happen.

Thank you for choosing GreenGeeks as your web hosting provider and look forward to helping your web presence succeed in 2014.

Recent ICANN changes & How they affect you!

icann

Earlier this year, Internet Corporation of Assigned Names & Numbers (ICANN) published an updated Registrar Accreditation Agreement (RAA). These changes are scheduled to go into effect January 1st 2014 and will affect all domain owners both with GreenGeeks® or another domain registrar. To review a quick technical summary of the policy change check our our educational article ICANN RAA 2013 Changes. This blog article is a more simplistic explanation including examples of what will take place.

Continue reading