In the last few days I am sure that you’ve heard about an Internet-wide security exploit called the Heartbleed bug. Security here at GreenGeeks is a top priority and we take it very seriously. Once learning about the exploit, technically referenced as CVE-2014-0160, we began to address it immediately. We have created this article to help you understand a bit more about Heartbleed, how you can protect your information and what we’ve done to address it.
What is Heartbleed
The Heartbleed bug is a very serious security vulnerability in the popular OpenSSL cryptographic software library used to secure information traffic across much of the Internet. It was nicknamed “Heartbleed” because the vulnerability could leak/bleed information and was involved in the Heartbeat function of OpenSSL. The weakness allows hackers to steal information that is normally protected by the SSL/TLS encryption used to secure the Internet. SSL encrypts information sent over networks such as web, email, IM, etc. With the bug, names, passwords, and any sensitive information could be “sniffed” resulting in stolen data directly from any website.
What is being done about the Heartbleed Bug?
The vulnerability was identified, given a reference of CVE-2014-0160 and was patched by the team at OpenSSL. This patch was made publicly available to service providers across the world, including GreenGeeks. We have patched, tested and verified that all of our systems are secured with this latest patch from OpenSSL.
As mentioned before, we take security very seriously and is a top priority for us. Upon discovering the exploit, we began immediate action to secure our servers. We believe that the likelihood of exploit is very minimal. As always, we will continue to be vigilant to ensure the safety and security of our systems.
Has GreenGeeks replaced their SSL’s?
Yes, upon discovery our team has quickly patched and replaced all SSL’s on our network.
Is My Server Vulnerable?
Anyone relying on OpenSSL was vulnerable. Upon discovery of the exploit, we patched our entire network and are now protected from the vulnerability.
Will the SSL I purchased from GreenGeeks be Updated?
Yes, while the risk of exploitation is extremely low, as a pre-caution we are working with our SSL provider to re-issue all SSL certificates that were purchased directly through us. This process is being done automatically for you and there is no involvement required.
What if I purchased an SSL certificate from a third-party provider?
Re-issuing the certificate is a choice you’ll have to make. If you feel that it’s worth your time, then it’s a good idea to get your SSL reissued. The likelihood of your keys being exploited are very low. If you decide to go ahead with the change, then please contact your SSL provider. Once you’ve received your new private key, certificate and CA bundle, our team will be more than happy to help you install the certificate. Alternatively, you can simply buy a new SSL certificate through us where we will handle similar situations such as this for you.
Has any of my information been compromised?
Anyone relying on OpenSSL was vulnerable. Upon discovery, we immediately patched our system. The chance that your keys were exploited are very minimal due to the lack of public exploit at the time of disclosure. We recommend that you always change your password regularly and can do so through our Account Manager.
You can test to see if you’re vulnerable by using the HeartBleed Checker
You can learn more about the Heartbleed Bug at heartbleed.com.