Need help? Chat now!

Hostwinds Blog

Search results for:


Hostwinds Protects Clients as Heartbleed Bug Raises Concerns Featured Image

Hostwinds Protects Clients as Heartbleed Bug Raises Concerns

by: Bryon Turcotte  /  April 9, 2014


The concerns of security experts and technical professionals around the globe have recently been raised as a serious exploit known as the Heartbleed Bug has raised its ugly head in the "OpenSSL cryptographic library_" which, according to articles published by The Epoch Times and Before Its News, "_could essentially allow attackers to gain access to highly sensitive information._" This "_major flaw in the security of the World Wide Web_" – discovered by a team of security engineers at both Codenomicon and Google Security – has many security professionals feeling "_panicked." Heart Bleed has been simply explained as a bug that "_allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software_, "according to reports.

The Heartbleed Bug proves itself to have created a "_massive vulnerability_" since OpenSSL – the widely used open-source software package which encrypts Web communications – has been left open to allow invaders to "_steal the information that is normally protected by SSL/TLS encryption_, "according to these reports. Logically, this bug affects "_a lot of Internet users_" since "_Web applications, e-mail communications, instant messaging (IM) and some virtual private networks (VPNs)_" can be opened to attack, according to reports. Experts confirm, according to these reports, that this vulnerability may also compromise "_passwords, private communications, and even credit card information_" on a large scale, making stealing private data even easier for cybercriminals.

Published statements from the research teams currently evaluating this bug were quoted in one article to say, "_We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials, we were able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, e-mails, and business-critical documents and communication._" According to researchers and the security experts now addressing the situation, "_the Internet will remain vulnerable as long as the flawed version of OpenSSL is in use. Fixed OpenSSL has been released. It must be deployed._" Additionally, to warn and educate users globally, numerous security agencies have posted statements quoted in these reports that say the following:

"_Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users," the post says. "Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances, and software they use._."

PLEASE NOTE: The Hostwinds team has been working diligently to address this issue. We are pleased to communicate to our family of clients that our shared servers are patched and that all Hostwinds clients are protected.

HeartBleed.com is a website made available to explaining this Heart Bleed bug in detail, educate the masses, and answer a number of questions people may have concerning this serious situation.

Read more details about The Heartbleed Bug in the full articles at The Epoch Times, Before Its News, HeartBleed.com, and Threat Post, and learn more about what is being done regarding this vulnerability.

Written by Bryon Turcotte  /  April 9, 2014