It's been a while since there was a computer security bug that we all had to worry about. Unfortunately, it seems like we may all have been facing one for two years and not even realized it.

Earlier this week, security researchers announced a security flaw in OpenSSL, a popular data encryption standard, that gives hackers who know about it the ability to extract massive amounts of data from the services that we use every day and assume are mostly secure.

This isn't simply a bug in some app that can quickly be updated - the vulnerability is on the machines that power services that transmit secure information, like Facebook and Gmail.

 

Steps that we are taking:

  • We have updated the OpenSSL packages installed on all our shared hosting servers
  • At 05:30 hrs (GMT) on 11 Apr, 2014 we will force-terminate all active logged-in sessions to prevent abuse by any hackers who may have exploited this bug.
  • At this time, you may experience a disturbance of up to 5 minutes and no orders or API calls will be processed. You will be required to log in again to continue managing your account.

 

Steps that you have to take:

  1. The Heartbleed bug makes it practically impossible to detect history of abuse, but to be on the safer side, we strongly recommend that you change your Account passwords.
  2. Hosting and/or SSL Certificate customers with Zeus Hosting:
    1. You will need to re-issue the SSL certificate from the control panel.
    2. If you purchased the SSL certificate from another vendor, you will need to contact that vendor to re-issue it. Once the SSL certificates are re-issued, you need to install the new certificates under the hosting packages.
    3. You will need to install the re-issued SSL certificate by following the instructions relevant to you from the options below:

For cPanel:
http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/ActivateSSLOnYourWebsite

For Plesk:
http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-administrator-guide/index.htm?fileName=70920.htm

 

What is the Heartbleed bug?

Heartbleed is a flaw in OpenSSL, the open-source encryption standard used by the majority of sites on the web that need to transmit data users want to keep secure. It basically gives you a "secure line" when you're sending an email or chatting on IM.

Encryption works by making it so that data being sent looks like nonsense to anyone but the intended recipient.

Occasionally, one computer might want to check that there's still a computer at the end of its secure connection, so it will send out what's known as a "heartbeat," a small packet of data that asks for a response.

Due to a programming error in the implementation of OpenSSL, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end of a connection into sending over data stored in its memory.

How bad is that?

It's really bad. Web servers can keep a lot of information in their active memory, including user names, passwords, and even the content that users have uploaded to a service. But worse even than that, the flaw has made it possible for hackers to steal encryption keys, the codes used to turn gibberish encrypted data into readable information.

With encryption keys, hackers can intercept encrypted data moving to and from a site's servers and read it without establishing a secure connection. This means that unless the companies running vulnerable servers change their keys, even future traffic will be susceptible.

Should you require any further information about this email, please feel free to get in touch with us.

Regards,
Zeus Hosting Inc



Thursday, April 10, 2014




