New security vulnerabilities are an ongoing concern across all applications and services. The latest one, the so-called “Heartbleed” Bug in the OpenSSL cryptographic library, is especially concerning for anyone interacting with the internet ie. everyone.
The OpenSSL cryptographic library is widely deployed to power Secure-Socket Layer (SSL) and Transport Layer Security (TLS), which are at the heart of Internet security. In other words, this security hole is very serious.
The flaw can potentially be used to reveal not just the contents of a secured-message, such as a credit-card transaction over HTTPS, but the primary and secondary SSL keys themselves. This data could then, in theory, be used as a skeleton keys to bypass secure servers without leaving a trace that a site had been hacked.
This bug is not a problem with OpenSSL’s design specifically, it is a problem with the implementation.
What does this mean for Digital Guerilla and Revolution Press clients?
Our servers are managed by Netregistry and their core Cloud environment is NOT and was never vulnerable to this exploit in any way. Our Security Team have also reviewed our cPanel environment and have taken immediate steps to secure the vulnerability, is no longer susceptible to exploit. There is no evidence of the exploit on our cPanel platform, we are confident that your data housed on our infrastructure is safe.
We always recommend regular changes of all your passwords, particularly following a global vulnerability similar to this one. While we and Netregistry have acted immediately to mitigate the risk of this exploit if you are using the same passwords for services with other vulnerable providers, there is always the potential that the exploiter could use these exploited passwords to access your accounts with non vulnerable providers like Netregistry.
If you have any questions regarding this OpenSSL vulnerability, please don’t hesitate to contact our Technical Support team.