"Heartbleed Bug" OpenSSL Vulnerability Affecting Internet Community

  • Friday, 11th April, 2014
  • 21:19pm

Summary

The Heartbleed bug (http://en.wikipedia.org/wiki/Heartbleed_bug) is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1.f.

This vulnerability allows an attacker to read chunks of memory from servers and clients that connect using SSL through a flaw in OpenSSL's implementation of the heartbeat extension.

OpenSSL provides critical functionality in the internet ecosystem, and therefore vulnerabilities, such as Heartbleed, have a significant impact on digital communications and their integrity.

Due to the nature of the vulnerability it is not possible to immediately know what information, including private keys, passwords, or session ID's, may have been compromised. Attacks that leverage the Heartbleed bug occur very early in an information exchange process, before a full connection has been made, and thus leaves no log history that an attack has occurred.

We also recommend that you take precautionary action concerning passwords used to authenticate against your client area login and cpanel login.


My account affected by Heartbleed?

webhost.lk SSL certificate end point was not vulnerable to the Heartbleed bug when it was publicly disclosed on April 7th 2014.

Any secure communication with our servers, such as logging into the client area ( https://secure.webhost.lk/clientarea.php ) , would not be affected by any attacks following the public disclosure of the Heartbleed bug.

The Heartbleed bug has had a profound impact on the transmission of secure data throughout the Internet.

It is for that reason we are encouraging our customers to reset their member area passwords at their earliest convenience as a matter of common password maintenance.

Please remember to always make your passwords unique, random, and periodically rotate them.

( Click here to learn about STRONG Passwords )

« Back