Earlier this week, a critical security vulnerability (nicknamed the Heartbleed bug) was found in a piece of software called OpenSSL. OpenSSL is a very widely used piece of software used on web servers to secure Internet connections, among other things. Here is a BBC news article describing the vulnerability.

This vulnerability could be exploited to reveal sensitive information stored in the memory of a server that would otherwise be protected.

What this means for our customers

You're safe.

We have no reason to believe that any of your private information has been compromised.

Only some editions of OpenSSL suffer from the vulnerability. Our systems did not use a vulnerable edition of OpenSSL.

Precautionary measure we have taken: Even though we have no reason to believe that information in our system has been compromised, as a precautionary measure, we have regenerated all of the encryption keys involved in securing the connection to our customers.

Precautionary measure we suggest customers take: If you use use SSL on your VPS, Dedicated or Housing servers, the chances are high that you are using OpenSSL and that your version of OpenSSL suffers from this vulnerability (more than 66% of the world wide web is or was vulnerable, according to heartbleed.com).

We strongly recommend patching your systems immediately, and then regenerating the SSL keys used on your web server and any passwords linked to your web server. See this Stackexchange discussion for some useful 'what to do' information. In events like these, it is always best to assume to worse has already happened and to secure all of your systems.

Questions

If you have any questions, our team is always on hand to help.

NiNet Company
Support Team