Serious Heart Bleed flaw in OpenSSL

[leflea]

I just checked that Hawkhost is using OpenSSL 1.0.1e (well, for the services I'm subscribed to) which is affected by the Heartbleed bug. Any advisory about this? Are there measures being taken to address this issue? how are we affected?

 

References: 

* http://heartbleed.com

* CNN - http://goo.gl/qBPck9

[Tony]

You need to keep in mind since we use CloudLinux it's going to end up with backport fixes to numerous software.  For example OpenSSL:  it's still going to be 1.0.1e.  Then of course Litespeed would be 4.2.9 which we have:  http://www.litespeedtech.com/support/forum/threads/lsws-4-2-9-patches-heartbleed-bug.8504/

[andrei]

Tony, is it necessary to change our passwords(client area, cpanel) ? I saw that a lot of websites(like Facebook, Godaddy, Instagram and so on) advised their users to change passwords after the patch that fixed Heartbleed bug was applied. I'm not a security expert, so don't get mad on me.

 

Thanks for your time!

[Brian]

We have zero reason to believe we were impacted by the Heartbleed bug but unfortunately it's impossible to say 100% given the nature of this exploit. With that said we do still suggest rotating your passwords just to be safe. At this time we have revoked/re-issued all of our SSL certificates and applied all relevant updates to OpenSSL.

[devstart]

I just updated all of my password that using SSL. Be safe!