leflea Posted April 9, 2014 Report Posted April 9, 2014 I just checked that Hawkhost is using OpenSSL 1.0.1e (well, for the services I'm subscribed to) which is affected by the Heartbleed bug. Any advisory about this? Are there measures being taken to address this issue? how are we affected? References: * http://heartbleed.com * CNN - http://goo.gl/qBPck9 Quote
Tony Posted April 10, 2014 Report Posted April 10, 2014 You need to keep in mind since we use CloudLinux it's going to end up with backport fixes to numerous software. For example OpenSSL: it's still going to be 1.0.1e. Then of course Litespeed would be 4.2.9 which we have: http://www.litespeedtech.com/support/forum/threads/lsws-4-2-9-patches-heartbleed-bug.8504/ Quote
andrei Posted April 10, 2014 Report Posted April 10, 2014 Tony, is it necessary to change our passwords(client area, cpanel) ? I saw that a lot of websites(like Facebook, Godaddy, Instagram and so on) advised their users to change passwords after the patch that fixed Heartbleed bug was applied. I'm not a security expert, so don't get mad on me. Thanks for your time! Quote
Brian Posted April 14, 2014 Report Posted April 14, 2014 We have zero reason to believe we were impacted by the Heartbleed bug but unfortunately it's impossible to say 100% given the nature of this exploit. With that said we do still suggest rotating your passwords just to be safe. At this time we have revoked/re-issued all of our SSL certificates and applied all relevant updates to OpenSSL. Quote
devstart Posted April 24, 2014 Report Posted April 24, 2014 I just updated all of my password that using SSL. Be safe! Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.