Over the past couple of days, a website vulnerability known as Heartbleed has been well documented.
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). – http://heartbleed.com
Nimbus Servers that are affected:
- Clients whose servers run on CentOS 6 (those who joined us on or after 20th January 2014) and who have an SSL running on their site.
- Clients whose servers run Litespeed
Any affected CentOS clients are automatically being updated – if you are running Litespeed that you purchased through us, your server will have already been secured. If you are a client who meets either of the above criteria, you can check your site/server by putting your domain in here: http://filippo.io/Heartbleed/
The Nimbus main site and youraccount.nimbushosting.co.uk area are unaffected.
General advice on wider internet browsing.
The current advice for your general web browsing is to change your passwords once you are assured that the site/service has been secured.
UPDATE – 12.58 11/04/14: We’ve patched all servers and run a scan across the entire network on the affected ports were confident all servers are now secure. You can confirm by testing your server/site here – http://filippo.io/Heartbleed/.