skip to content

Latest News

Sectigo Root Certificate expiry

Some of you may have noticed problems connecting to websites in recent days following the expiry of a commonly used intermediate...

Microsoft Email Shenanigans

Last week, emails from one of our web servers started being rejected by Microsoft mail servers, meaning that a few of our...

News RSS Feed

more news

'Heartbleed' SSL vulnerability

9 April 2014

In case you've heard about the latest SSL vulnerability codenamed 'Heartbleed', our main web server, hosting 99% of our websites, has not been affected as the version of OpenSSL we have installed predates the introduction of this vulnerability.

A second server, hosting a single website, may have been vulnerable for up to 12 months, and a third server, set up in February this year, would also have been affected. Both were automatically patched earlier this week.

The details of the vulnerability, while serious, are not as dramatic as you may have heard in news reports, but it could have allowed a determined attacker to extract chunks of 'private memory' from an encrypted stream and use them to expose encrypted data and private keys.

For the average Internet user, if any of the online services you are using have been affected, you should wait for them to announce that their servers have been patched, and only then change your password.

And to be doubly safe, change your passwords for any other services that use the same or similar login.

Related link

Office closing dates »

« A faster Lightbox

< news archive