123 Reg logo Blog

Everything you need to know about the Heartbleed Bug threat

By Thomas Costello - April 16, 2014

On 7th April 2014 a serious vulnerability in the open-source cryptography library OpenSSL was discovered. It was a severe memory handling bug in their implementation of the TLS Heartbeat extension, which is why it has been dubbed the Heartbleed Bug.

The vulnerability has existed since December 31st 2011 and became widespread in March 2012 following the release of OpenSSL version 1.0.1. When it was discovered, it was believed that half a million of the Internet’s secure web servers certified by trusted authorities were now vulnerable to an attack.

As so many companies use this software to keep their systems secure and such a threat could have serious repercussions which is why immediate action has been required throughout the internet. OpenSSL has now fixed this vulnerability in its latest version and patches are available to fix affected systems.

You can learn more about the bug by watching this video.

You will be pleased to hear that 123-reg.co.uk has not been affected by this issue as our platform does not use the version of the technology that was affected. However, our SSL certificates have been updated anyway as a precaution to ensure they conform to the latest security standards.

As a result of this issue many companies are recommending that you update your passwords on your accounts just in case your login or personal details have been stolen because of this issue and therefore prevent anyone gaining access to your accounts. This is only a precaution but it is necessary to protect yourself and your data.

At 123-reg, we are urging server administrators to install the latest version of OpenSSL or obtain a patch from their software vendor to ensure their server is protected.

This is because platforms running the affected OpenSSL versions may be at risk and it would be advisable for these people to have their SSL reissued.

If you have purchased SSL certificates from us, simply generate new CSRs and private keys then raise a support ticket with our support team who will be happy to assist. If your SSL is supplied by a third party, please ensure you contact them for guidance on re-issuing.

Remember it’s better to be safe than to be sorry, so if you think you might be affected follow these simple steps to ensure you are protected.