The Heartbleed Bug

You may have heard the news yesterday of the Heartbleed Bug, a serious vulnerability in Open SSL.

The bug allows malicious clients to view chunks of decrypted system memory. This can be used to build a picture of the contents of your systems RAM which in turn could be used to find information like the SSL private key which is the counterpart to your public SSL certificate.

We understand that our customers may be concerned and will wonder if they are affected so we’d like to inform our customers first that that our shared hosting and billing systems are not affected and are all up to date.

What if you have a dedicated server or VPS?

If you have a dedicated server of VPS then this normally falls under the scope of your own management.

You can test to see if you are vulnerable by using the test tool located at http://filippo.io/Heartbleed/

The test tool will show you if you are exposed to this vulnerability.

Things you should know

• All vendors either have released a patch already or will do so shortly.  If you update your Open SSL today or from this point forward you should remain patched.
• Older distributions and vendor supplied OpenSSL packages that are based on OpenSSL 0.9.8 or 1.0.0, and are not vulnerable.
• Linux servers are those that are most likely affected although a Windows server that employs a version of Open SSL might be affected.

Not sure of what to do?

In that case contact us at support [at] hostinguk.net or call 01745 586070 and we’ll advise or if required we may be able to assist you.

The Hosting UK Support Team