Heartbleed Software Bug
As many of you have already heard a major vulnerability was found recently in Open SSL which is widely used to secure forms. The following is a quote from heartbleed.com describing the bug:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
For those who have not visited our knowledgebase to read our update regarding this vulnerability, we have provided it here:
The security of our customers is a top priority at iPage. We began addressing this issue immediately upon disclosure and have successfully applied patches to all of our platforms. The likelihood that private information was compromised is very minimal due to the lack of a public exploit at the time of the disclosure. We will continue to work to protect the security of our customers and their data.
Learn more about the Heartbleed Vulnerability at heartbleed.com.
Learn if your site is vulnerable by going to heartbleedcheck.com.
Heartbleed Questions and Answers
Q: Is my server vulnerable?
A: There was a period when anyone relying on openssl was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. At this time, our servers are not vulnerable and information is secure.
Q: Has iPage replaced its own SSLs?
A: Yes, upon the disclosure of the vulnerability we immediately reached out to our SSL providers and began the process of having all of our internal and external SSLs reissued.
Q: Should I replace my SSLs?
A: That is a personal choice. If you feel it's worth the time, or if you are dealing with sensitive data, then it's a good idea to have your cert re-issued. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure. However, if you do decide you would like to reissue, we will be happy to assist.
Q: Was my security or privacy compromised?
A: There was a period when anyone relying on openssl was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure.
Q: Should I change all of my passwords because of the heartbleed exploit?
A: Changing your passwords periodically, using strong passwords and keeping your passwords secure are things that we always recommend. While we can't say for sure what the extent of the potential impact of this heartbleed exploit may be, we always feel that it's a good idea to exercise best practices when it comes to password usage. If you haven’t changed your passwords recently (or even if you have), this is a great opportunity to do so, while you’re thinking about it.
Article By Sophia+