Hébergement web, cloud et solutions personnalisées
A vulnerability in the Bourne Again Shell (bash), dubbed “Shellshock,” has become a major security concern and drawn comparisons to the Heartbleed bug.
The post Could the Shellshock Vulnerability be the Next Heartbleed? appeared first on Web Hosting Talk.
Many of you may have heard about the recent OpenSSL security issue dubbed “The Heartbleed Bug.” OpenSSL is the open-source library that handles a lot of backend cryptographic functions on our systems, with SSL website traffic being a key usage area for our company. This bug could allow an attacker to retrieve some stored memory from the server and possibly gain access to the private key for that SSL certificate. If the private key for an SSL certificate is revealed, the attacker could then use that to decrypt future website traffic through a man-in-the-middle attack. Other private information in memory could also be revealed, like user names or passwords, that should not be made public.
This is a very serious bug as it affects a key piece of security on the Internet that we trust every day to protect private transactions with our our banks, our on-line shopping, and logging in to your web-hosting account at Site5.
Luckily, most of our servers are not affected by this vulnerability because this bug only affects a specific set of OpenSSL versions that we do not use on the vast majority of our servers. For all of our other servers that are affected, we are updating the OpenSSL release and any related software and then reissuing any SSL certificates on those servers, just as a precaution.
You can test your website for this bug by using the following on-line tool: http://filippo.io/Heartbleed/#site5.com. But if you are on any Site5 web hosting plan (including reseller, shared, cloud, VPS) then your website is already safe. If you are on an unmanaged VPS, it is your responsibility to perform the necessary upgrades to your system.
Additionally, if you would like to read more technical information about the bug, please check out this site: heartbleed.com
The post Heartbleed OpenSSL Security Issue appeared first on Site5 Blog – Web Hosting Built For Designers & Developers + Their Clients.
Site5 Blog – Web Hosting Built For Designers & Developers + Their Clients » Search Results » hosting
With the Heartbleed security bug being a good example of a potentially devastating open-source software vulnerability, the Linux Foundation has formed a multi-million dollar project to fund and support critical elements of the global information infrastructure.
Read More
‘Heartbleed’ one of the highly critical vulnerabilities detected in OpenSSL is an over spoken term leaving everyone over the web feel insecure, while they don’t have to. Before we head any further, let’s first try and understand about the CVE-2014-0160, … Continue reading
Web Hosting UK Blog | Dedicated Servers VPS Hosting Technology Updates
‘Heartbleed’ one of the highly critical vulnerabilities detected in OpenSSL is an over spoken term leaving everyone over the web feel insecure, while they don’t have to. Before we head any further, let’s first try and understand about the CVE-2014-0160, … Continue reading
Web Hosting UK Blog | Dedicated Servers VPS Hosting Technology Updates
Many of you may have heard about the recent OpenSSL security issue dubbed “The Heartbleed Bug.” OpenSSL is the open-source library that handles a lot of backend cryptographic functions on our systems, with SSL website traffic being a key usage area for our company. This bug could allow an attacker to retrieve some stored memory from the server and possibly gain access to the private key for that SSL certificate. If the private key for an SSL certificate is revealed, the attacker could then use that to decrypt future website traffic through a man-in-the-middle attack. Other private information in memory could also be revealed, like user names or passwords, that should not be made public.
This is a very serious bug as it affects a key piece of security on the Internet that we trust every day to protect private transactions with our our banks, our on-line shopping, and logging in to your web-hosting account at Site5.
Luckily, most of our servers are not affected by this vulnerability because this bug only affects a specific set of OpenSSL versions that we do not use on the vast majority of our servers. For all of our other servers that are affected, we are updating the OpenSSL release and any related software and then reissuing any SSL certificates on those servers, just as a precaution.
You can test your website for this bug by using the following on-line tool: http://filippo.io/Heartbleed/#site5.com. But if you are on any Site5 web hosting plan (including reseller, shared, cloud, VPS) then your website is already safe. If you are on an unmanaged VPS, it is your responsibility to perform the necessary upgrades to your system.
Additionally, if you would like to read more technical information about the bug, please check out this site: heartbleed.com