If the FBI website has a security issue, then it means something is really wrong.
Many website administrators worked all night this past Tuesday to fix a failing inside OpenSSL, the system that protects pretty much most of the Internet.
What’s the problem with OpenSSL?
Well, I asked Ayaz Khan, Senior Engineer for Research and Development at Cloudways, about this issue. He gave me a very simple to understand answer:
Our CTO, Pere Hospital summarized it in this manner:
- No one knows if it has been exploited.
- If an exploit ever occurred, no one knew when and for how long.
- If it ever occurred, no traces were left.
- If an exploit ever occurred, then it would leaked data via chunks of 64k. So, it may have leaked virtually anything.
The bug was discovered by Neel Mehta, an employee for Google Security. Adam Langley and Bodo Moeller prepared the fix. Meanwhile, on Quora, I found these good technical definitions:
In simple words, this is something really bad. Nick Adams, the manager of Facebook groups “WordPress Help for Professionals and WordPress Help for Beginners”, reacted in the following manner:
So, what to do now?
Well, all of us should start the cumbersome process of changing all the passwords of all the popular services, like Gmail, Tumblr, SoundCloud, etc.
You should also check with nag your bank about their security. You need to make sure that they are protecting you efficiently. You can use this tool to check. But, if you run an online business, then you need to do more. Our CTO, Pere Hospital shared this: When I asked our co-founder Aaqib Gadit about how to protect your business, he expressed:
“Since private key is the key to unlock SSL security, and clearly Heartbleed vulnerability showed that key was not safe and you will never know whether it was compromised or not, so patching alone is not enough. You will need to regenerate the private keys and CSRs for your certificates and change your passwords and advise your customers to do the same to make sure all remain safe.”
So, are you safe on Cloudways?
Well, our system engineers worked tirelessly to ensure all our clients stay safe. Pere shared the process with me today:
- First, we patched all the systems immediately.
- We then re-issued certificates and revoked old certificates.
- Finally, we have asked our customers to reset their passwords.
We have pretty much given an overhaul.
When we promise security, we mean it!
This shows that when we promise managed security, we really mean it. We have made sure that no one gets affected by this when they are with Cloudways. So, if you are looking for a cloud hosting platform which provides a great security and strong management, then Cloudways is perfect for you. Start your 3-day free trial today!
Saad Durrani
Saad is the Senior Editor at Cloudways - A Managed Cloud Hosting Platform. He is a technology enthusiast who loves to blog about emerging technologies and trends. When he is not blogging, he goes to the beach to find inspiration for his fictional stories.