Warning! Critical vulnerability in OpenSSL

Blog Categories

Basket of services

Company news

Thursday, 24 December 2015: Merry Christmas and Happy New Year!
Monday, 20 April 2015: Accepting payments through payment system Webmoney and Z-Payment restored
Saturday, 18 April 2015: Unavailable accepting payments via Webmoney and Z-Payment
Thursday, 05 March 2015: To order new services are available - DNS hosting and secondary DNS server
Wednesday, 25 February 2015: Added new ways to pay for services

Recent blog posts

Warning! Critical vulnerability in OpenSSL

Tuesday, 08 April 2014 01:11

Network Security

Just yesterday, was made public a critical vulnerability in OpenSSL.

The vulnerability is related to the lack of adequate bounds checking in one of the procedures expansion Heartbeat (RFC6520) protocol TLS / DTLS. Due to the small mistakes anyone can gain access to the computer's memory, whose communication "protected" vulnerable version of OpenSSL. In particular, the attacker gains access to the private key, user name and password and all content to be transmitted in encrypted form. When this leaves no traces of penetration into the system.

Thus this vulnerability, even the most conservative estimates, at least one third of all the servers in the world.

Check whether your server is vulnerable, you can use online resources http://filippo.io/Heartbleed/ and http://possible.lv/tools/hb/

If the vulnerability is confirmed, it is necessary to immediately upgrade OpenSSL, and then restart the services that use it: apache, nginx, mail services, etc.

Our company has already completed the update on all the servers you are located in our service, as well as shared hosting servers.

Users are not being serviced by our company may also, if necessary, seek help from us for a fee.

Tagged under:

Read: 1581 times