News and blog

Heartbleed bug – Security issue

Heartbleed bug – Security issue

As you might have seen in the news there has been a big security issue called the “heartbleed bug” the last couple of days surrounding OpenSSL. OpenSSL is a common software used for securing connections to and from a web server. If your server uses certificates, it’s possible (or even likely) that it uses OpenSSL.

Most of our servers were automatically patched for this issue and we spent the time after the report surfaced verifying that our infrastructure was secure, as well as all managed client machines.

What to do now?

If you have shared or managed services with us we have taken care of the issue for you and updated the software. If you want to have your certificates replaced please contact the support. Also, there is a widespread recommendation that users should replace any passwords used on sites to avoid identity theft. We strongly recommend that users use strong passwords, different passwords on different sites and update any sensitive sites – using a weak password on several sites is a security risk. Check out Lastpass for example as a way of handling strong passwords for each site.

If you have an unmanaged server, please confirm that those managing that server has taken steps to secure the server, or contact Rackfish Support to get advisory or order services.

More information and LOTS of references could be found at Wikipedia