Today, the world is abuzz with talk about the Heartbleed Bug, "A serious vulnerability in the popular OpenSSL cryptographic software library".  This bug allows malicious users to pull sensitive information from web servers.  

The good news for Foremost Media hosted customers is that we host your sites on Microsoft IIS which is NOT vulnerable to this exploit.  

Microsoft’s IIS web server does not use the OpenSSL library for encrypting traffic so you can rest easy.  If you would like additional verification that your site is not vulnerable to this exploit you can run a test using this tool:  http://filippo.io/Heartbleed/

Please note that the above statement applies to Foremost Media shared hosting clients as well as managed clients with cloud servers or dedicated servers hosting with us.  If we built your site but you host it elsewhere please contact your web host.   For a more in depth technical analysis of this exploit including the specific versions of OpenSSL affected please refer to this URL for additional information:  www.heartbleed.com

But what about sites you have visited that may be vulnerable?

Unfortunately, there's not much you can do about this. The only way to fix this problem is for the vulnerable sites to update OpenSSL and reissue their security certificates.

If possible, try to avoid connecting to vulnerable sites and services until they notify you of a fix. Changing your password won't help until the site has fixed the bug, so wait for confirmation from your favorite sites before you go changing passwords. If and when you do get confirmation, audit and update your passwords as usual. If a site is not vulnerable but doesn't issue a statement, change your passwords just in case they were vulnerable in the past. After all, it can't hurt. 

0 comments:

Post a Comment