Earlier this week a security leak was discovered in the latest versions of OpenSSL (v1.0.1). This leak allows attackers to access encrypted information + the associated private keys used for the encryption. OpenSSL is mainly used on Linux servers, often combined with Apache in a web server configuration. This means that the main targets will be webservers.
Which versions are vulnerable?
All versions from 1.0.1 to 1.0.1f of OpenSSL are vulnerable to this specific exploit. Version 1.0.1g or 1.0.2beta2 fixes the problem and makes OpenSSL secure again.
You can download the patch to close this leak a the OpenSSL website. In some cases existing keys will need to be removed and new certificates will have to be issued to guarantee the security of your servers.
All of the chociz shared webhosting and vps servers have already been updated to the new version of OpenSSL and are secure. You are able to run a check on wether or not your own webserver contains this leak at http://filippo.io/Heartbleed/.
If you require any help with the installation of the new OpenSSL patch please contact the support department and we will be happy to assist.
What additional measures can I take to protect my account?
We recommend to change your password frequently and are here are a few tips:
• A longer password with atleast 12 characters.
• A password can be a sentence and can include spaces.
• A sentence is easier to remember than a sequence of arbitrary characters.
