'Heartbleed' website security information
8th April 2014
Today, an important security alert was issued which reported a serious liability from within the Internet's most popular software encryption library, OpenSSL. The flaw, named 'Heartbleed' affected the security and privacy of countless websites, email providers, instant messaging (IM) and virtual private networks (VPNs).
The vulnerability was initially spotted by software engineers from Google Security and Codenomicon. The bug could enable malicious attackers to steal information which would typically be protected by OpenSSL's encryption. This included website applications and communications via instant messenger, virtual private networks and email. Content, passwords, credit card information and private communications were included in the data that would now be at risk.
Heartbleed's dedicated webpage reads,
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software...This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users."
As it is the most popular open source encryption library, most users will be affected directly or indirectly. However, it's not all bad news! Sponge's technical team got to work on our servers straight away, closing the loophole and guarding our clients' sites from any malicious attacks. In the interest of extra safety precautions, we are in the process of regenerating all of the affected keys and are reissuing the associated security certificates, so that our clients can be assured that their data is fully protected.
We are committed to providing superior software and services which protect our clients in these unusual instances. If you’d like us to test if your secure server is vulnerable to this exploit, please get in touch.