What is the Heartbleed bug, and how will it affect my services?
This article will explain the Heartbleed security breach, and what it means to you.
What is the Heartbleed bug?
Heartbleed compromises web services that use OpenSSL to encrypt sensitive data on their websites. This encryption is meant to ensure that only the service provider and their intended recipients can make sense of the data. Many popular services, such as Twitter, Facebook and Gmail, make use of OpenSSL.
The Heartbleed bug means that information sent using this encryption is vulnerable. All data sent across the connection, including the site’s content, user passwords, and encryption keys, is a viable target for attack.
While a fix to counteract this bug is available, it will have to be performed by the Web Admin of each server.
This bug fix only applies to Self-Managed clients. Managed clients will have their server patched by us.
The 123 Reg products that are affected by this are servers running:
- Ubuntu 12.04.4 LTS (OpenSSL 1.0.1-4ubuntu5.11)
- RedHat, CentOS 6.5 (OpenSSL 1.0.1e-15)
Please note: Windows IIS-based dedicated servers, VPS and Shared Hosting Accounts are not affected.
So how do I resolve this issue?
Please note: We recommend that you take a backup of your server before beginning this process.
Log in to your server using the command line, and run the commands below:
For CentOS Servers:
yum update openssl
For Ubuntu Servers:
apt-get update && apt-get install libssl1.0.0
You should then reboot your server.
Once you have rebooted the server, you can test it on CentOS or RedHat by running:
rpm -q openssl
to verify that the version is now updated to 1.0.1e-16.el6_5.4.01 or 1.0.1e-16.el6_5.7 or 1.0.1g.
Alternatively, you can test this online at http://filippo.io/heartbleed/
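The script below is an added example, not part of the original article: it classifies the rpm -q openssl output against the versions named above and lists any process that still has the pre-update libssl or libcrypto mapped, which is the state the reboot is meant to clear. The function names and the --run switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original article.

# Classify the output of `rpm -q openssl` using only the versions the article
# names: 1.0.1e-15 as affected, and the three updated versions as fixed.
openssl_pkg_status() {
    case "$1" in
        openssl-1.0.1e-16.el6_5.4.01*|openssl-1.0.1e-16.el6_5.7*|openssl-1.0.1g*)
            echo patched ;;
        openssl-1.0.1e-15*)
            echo vulnerable ;;
        *)
            echo unknown ;;   # not listed in the article: do not guess
    esac
}

# Print the PID of every process whose memory map still references a
# libssl/libcrypto file that was replaced on disk. The kernel marks such
# mappings with a trailing "(deleted)" in /proc/<pid>/maps.
# $1 is the proc root (default /proc); run as root to see all processes.
stale_ssl_pids() {
    proc_root=${1:-/proc}
    for maps in "$proc_root"/[0-9]*/maps; do
        if grep -Eq 'lib(ssl|crypto)[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Combined post-update check for a CentOS server: succeeds only when the
# package is a listed fixed version and no process holds the old library.
heartbleed_postcheck() {
    status=$(openssl_pkg_status "$(rpm -q openssl)")
    stale=$(stale_ssl_pids /proc)
    echo "package: $status"
    [ -z "$stale" ] || echo "still running old library, PIDs:" $stale
    [ "$status" = patched ] && [ -z "$stale" ]
}

# Run the real check only when asked, e.g.: sh postcheck.sh --run
if [ "${1:-}" = "--run" ]; then heartbleed_postcheck; fi
```

A result of unknown means the installed version is not one the article lists, so it should be checked against your distribution's own advisory.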
What happens next?
Owing to the nature of the bug, you will now need to reissue all SSL certificates assigned to the server, as well as reset all passwords on the system.