WestNIC.net Online CommunityWestNIC.net 24/7 SupportDesk Hosting Tutorials Network Status

Go Back   WestNIC.net Online Community > Support Forums > Dedicated Security Certificates (SSL)

Reply
 
Thread Tools Display Modes
  #1  
Old 04-09-2014, 18:31
Mike Mike is offline
WestNIC Staff
 
Join Date: Mar 2005
Location: New York
Posts: 140
Exclamation OpenSSL "Heartbleed bug" (critical security issue)

Two days ago we received following security notice from OpenSSL:

"TLS heartbeat read overrun (CVE-2014-0160)
==========================================

A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.

Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.

Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley and Bodo Moeller for
preparing the fix.

Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.

1.0.2 will be fixed in 1.0.2-beta2."


You can find more information about this bug on wikipedia: http://en.wikipedia.org/wiki/Heartbleed

OpenSSL Heartbleed bug in details: http://heartbleed.com/


We've been working 48 hours in a row applying security patch to all Apache servers with affected OpenSSL module. Around 60% of our servers aren't affected. They use different module - mod_ssl OR OpenSSL 0.98. At this moment, all affected servers have been patched. Servers with *.westnic.net IDs (for example, star.westnic.net) were never affected by this bug.

If you use SSL on any domain name, you can use online tool to discover if your website affected or not: http://filippo.io/Heartbleed/

Situation with OpenSSL is very serious and we'll continue to monitor for latest news and events. Please stay tuned.
__________________
Reliable reseller hosting provider since 2002.
Too good. It's true!


http://www.westnic.net
1-800-438-0260
Reply With Quote
Reply

Tags
https, openssl, security

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 23:52.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.
WestNIC.net - US based multidomain web hosting