Many of you may have heard about the recent OpenSSL security issue dubbed “The Heartbleed Bug.” OpenSSL is the open-source library that handles a lot of backend cryptographic functions on our systems, with SSL website traffic being a key usage area for our company. This bug could allow an attacker to retrieve some of the contents of the server's memory and possibly gain access to the private key for that server's SSL certificate. If the private key for an SSL certificate is revealed, the attacker could then use it to decrypt future website traffic through a man-in-the-middle attack. Other private information held in memory, such as user names or passwords, could also be revealed.
This is a very serious bug, as it affects a key piece of security on the Internet that we trust every day to protect private transactions with our banks, our on-line shopping, and logging in to your web-hosting account at Site5.
Luckily, most of our servers are not affected by this vulnerability because this bug only affects a specific set of OpenSSL versions that we do not use on the vast majority of our servers. For all of our other servers that are affected, we are updating the OpenSSL release and any related software and then reissuing any SSL certificates on those servers, just as a precaution.
You can test your website for this bug by using the following on-line tool: http://filippo.io/Heartbleed/#site5.com. However, if you are on any Site5 web hosting plan (including reseller, shared, cloud, and VPS), your website is already safe. If you are on an unmanaged VPS, it is your responsibility to perform the necessary upgrades to your system.
Additionally, if you would like to read more technical information about the bug, please check out this site: heartbleed.com