
How To React To Heartbleed

April 10th, 2014 by

If you’ve watched the news or read a paper in the past 24 hours, you might be familiar with the word Heartbleed. In a nutshell, it’s a bug that’s exposed a vulnerability in the OpenSSL software that’s used by web servers around the world.

So what does this mean in the Queen’s English?

Well, websites and apps use OpenSSL to encrypt the data they send back and forth. It’s used by shopping websites, banks, and some social media sites to protect passwords and other sensitive information. The Heartbleed bug gives attackers a way of getting access to some of this encrypted information.

But don’t panic. Heartbleed hasn’t affected every server with OpenSSL. At UK2, we’ve checked all our servers and we’re Heartbleed-free. If you have web hosting with us, or if you use our website builder, you can keep calm and carry on, because your products have been patched – in other words, they don’t use the dodgy version of OpenSSL that’s causing the problems.

Extra Armour

As always with security, there are extra things we really recommend you do to make sure you’re safe. For starters, you can refresh all the passwords you use to access your UK2 products.

If You Run your Own Server

If you run your own server or virtual machine, meanwhile, and you have installed OpenSSL yourself, for use with a self-generated or purchased key, then you can boost your security by updating to the latest version of OpenSSL ASAP. This can be done in 4 simple steps.

Step 1

Check whether your server is running an unpatched version of OpenSSL. To do this, simply log in to your server and use the following command to check which version you are using.

openssl version -a

The following versions are vulnerable…

OpenSSL 1.0.1 through 1.0.1f (inclusive)

While these versions are not…

OpenSSL 1.0.1g

OpenSSL 1.0.0 branch

OpenSSL 0.9.8 branch

CloudLinux OpenSSL 1.0.1e-16el6_5.7

Step 2

If you find you are running a vulnerable version, you can update by using the following commands…

CentOS

yum check-update

yum -y update openssl

Ubuntu

sudo apt-get update

sudo apt-get install openssl

Debian

sudo apt-get update

sudo apt-get install openssl

Fedora

sudo yum -y install openssl

Step 3

Next, run openssl version -a again and check that the build date it shows is April 7 2014 or later.

Step 4

Finally, once you’ve updated OpenSSL, it’s a good idea to regenerate your secure keys and invalidate the ones you were using before. Then restart your services to seal the security deal.
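Steps 1 and 3 as a script, added here as an example (not UK2's own code): it reads the output of openssl version -a, applies the version range listed above, and uses the build date to tell a patched distribution build from an unpatched one that reports the same version string. The function name, result labels and sample outputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `openssl version -a` output on stdin and prints one of:
#   not-in-range | vulnerable | patched-build | unknown
classify_openssl() {
    awk '
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= 12; i++) mon[m[i]] = i
    }
    # First line looks like: OpenSSL 1.0.1e-fips 11 Feb 2013
    /^OpenSSL / && ver == "" { ver = $2 }
    # Expected shape: built on: Tue Apr  8 02:39:29 UTC 2014
    /^built on:/ {
        if (($4 in mon) && $5 ~ /^[0-9]+$/ && $NF ~ /^[0-9][0-9][0-9][0-9]$/)
            built = $NF * 10000 + mon[$4] * 100 + $5
    }
    END {
        if (ver == "") { print "unknown"; exit }
        # Range listed in the post: 1.0.1 through 1.0.1f, with any distro suffix
        if (ver !~ /^1\.0\.1[a-f]?(-.*)?$/) { print "not-in-range"; exit }
        # In-range version string: a backported fix only shows in the build date
        if (built == 0) { print "unknown"; exit }
        if (built >= 20140407) print "patched-build"; else print "vulnerable"
    }'
}

# Constructed sample outputs (not captured from real hosts)
old_centos='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Wed Jan  8 18:40:59 UTC 2014'
fixed_ubuntu='OpenSSL 1.0.1 14 Mar 2012
built on: Mon Apr  7 20:33:29 UTC 2014'
upstream_g='OpenSSL 1.0.1g 7 Apr 2014
built on: Tue Apr  8 10:00:00 UTC 2014'

for sample in "$old_centos" "$fixed_ubuntu" "$upstream_g"; do
    printf '%s\n' "$sample" | classify_openssl
done
# On a server: openssl version -a | classify_openssl
```

A result of unknown means the build date could not be read, so the package changelog or vendor advisory has to settle it. A patched-build result only describes the files on disk: services keep using the old library until they are restarted, as Step 4 says.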

 
