1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HeartBleed serious SSL vulnerability

Discussion in 'Web Hosting' started by marketmonster, Apr 10, 2014.

Tags:
  1. marketmonster

    marketmonster Junior Member Premium Member

    Joined:
    Dec 19, 2011
    Messages:
    112
    Likes Received:
    51
    Heads up guys! Anyone here running a site that uses an SSL certificate you need to look at http://heartbleed.com. There is a serious vulnerability that affects millions of websites where an attacker can obtain master keys and access pretty much all kinds of sensitive information (user/pass, etc) from your server. That site outlines the problem and the steps to resolve it. This isn't another run-of-the-mill security update but is rather something that you should be taking seriously if you run a service that uses an SSL cert.

    Even if you don't run a server like this you should consider updating your password as pretty much any place where you have a user account probably uses a SSL cert which means that user accounts/passwords could have been taken.

    The worst part is that the attack leaves no trace, so we have no idea if it happened to you or how widespread the issue is.
     
    • Thanks Thanks x 1
  2. Porphyrogenitus

    Porphyrogenitus Junior Member

    Joined:
    Oct 12, 2011
    Messages:
    113
    Likes Received:
    71
    This just continues to prove the general maxim that no system is truly safe. Anyone who believes their connection is safe is a fool. Best to just see it as what it is: a deterrent. Patch it, but don't stake your life on it.
     
  3. loedown

    loedown Jr. VIP Jr. VIP Premium Member

    Joined:
    Jun 29, 2009
    Messages:
    1,478
    Likes Received:
    451
    Home Page:
    A lot of the hosts have already fixed their shared / reseller farms. I checked rackspace this morning and they are still updating.
     
  4. Darshan M.

    Darshan M. Newbie

    Joined:
    Jun 30, 2013
    Messages:
    27
    Likes Received:
    0
    It is strongly recommended to check your VPS and dedicated servers from filippo.io/Heartbleed/


    If it is determined that you do have the vulnerability, you can apply patches to overcome this vulnerability.
     
  5. micjustin33

    micjustin33 Newbie

    Joined:
    Feb 3, 2014
    Messages:
    25
    Likes Received:
    2
    This flaw explains why we shouldn't put anything critical into cyberspace. It can be a very long time until a certain problem is fixed. Sometimes it may never be fixed because it is never publicized. I'm surprised this bug wasn't sold to organized crime.