What is the Heartbleed bug, and how will it affect my services?

This article explains the Heartbleed security breach and what it means for you.

What is the Heartbleed bug?

The Heartbleed bug is a flaw in the OpenSSL module, which is typically used by popular services to provide SSL encryption between your web browser and the website you are viewing.

Because of this flaw, information sent using this encryption, such as usernames, passwords and bank details, is vulnerable: hackers can potentially extract it from the target server.

Please note: not all services are affected by this bug. Clients using Windows-based services, for example, are not affected.

While a fix to counteract this bug is available, it will have to be performed by the Web Admin of each server.

This bug fix only applies to Self-Managed clients. Managed clients will have their server patched by us.

The 123 Reg products that are affected by this are servers running:

  • Ubuntu 12.04.4 LTS (OpenSSL 1.0.1-4ubuntu5.11)
  • RedHat, CentOS 6.5 (OpenSSL 1.0.1e-15)

Please note: Windows IIS-based dedicated servers, VPS and Shared Hosting accounts are not affected.

So how do I resolve this issue?

Please note: We recommend that you take a backup of your server before starting this process.

Log in to your server using the command line and run the commands below:

For CentOS Servers:

yum update openssl

For Ubuntu Servers:

apt-get update && apt-get install libssl1.0.0

You should then reboot your server.

Once you have rebooted the server, you can check the installed version (on CentOS servers) by running:

rpm -q openssl

The output should show that the version is now updated to 1.0.1e-16.el6_5.4.01, 1.0.1e-16.el6_5.7 or 1.0.1g.

Alternatively, you can test this online at http://filippo.io/heartbleed/
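
The reboot matters because a running service keeps the old library loaded in memory until it is restarted. The script below is an added example, not part of the original article or 123 Reg's own tooling: it compares the rpm -q openssl output with the versions listed on this page and reports any process that still maps a replaced libssl or libcrypto. The function names and the --scan flag are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): post-update checks.
# Function names and the --scan flag are assumptions of this example.

# Classify `rpm -q openssl` output against the versions listed on this page.
classify_rpm() {
    case "$1" in
        openssl-1.0.1e-16.el6_5.4.01*|openssl-1.0.1e-16.el6_5.7*|openssl-1.0.1g*)
            echo fixed ;;
        openssl-1.0.1e-15*)
            echo affected ;;
        *)
            echo unknown ;;   # not a version this page mentions
    esac
}

# Read /proc/<pid>/maps text on stdin; print each libssl/libcrypto path that
# is still mapped but marked "(deleted)", meaning the file on disk was
# replaced by the update while the process kept the old copy loaded.
stale_ssl_maps() {
    awk '/(libssl|libcrypto)\.so[^ ]* \(deleted\)$/ { print $6 }' | sort -u
}

# Walk /proc and report "pid name libraries" for every process that still
# holds a replaced library. Run as root to see other users' processes.
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        libs=$( { stale_ssl_maps < "$maps"; } 2>/dev/null ) || continue
        [ -n "$libs" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        name=$(cat "/proc/$pid/comm" 2>/dev/null) || name='?'
        printf '%s %s %s\n' "$pid" "$name" "$(echo $libs)"
    done
}

if [ "${1:-}" = "--scan" ]; then
    if command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -q openssl)
        echo "$pkg: $(classify_rpm "$pkg")"
    fi
    scan_running
fi
```

Run it with --scan after the update. If the scan prints no process lines, nothing is still holding the old library.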

What happens next?

Owing to the nature of the bug, you will now need to reissue all SSL certificates assigned to the server and reset all your system passwords and email account passwords, as well as any passwords for websites which may contain personal information, such as social networking sites.