You may have recently heard about the Heartbleed bug, a vulnerability identified in one of the most common web server tools that could potentially compromise the security of data on websites (find out more: http://heartbleed.com)
A critical OpenSSL vulnerability nicknamed “Heartbleed” was discovered recently. IMPORTANT: It is very likely that you are impacted by this vulnerability. Read on for more info.
Details you should know:
1. This is not a vulnerability with SSL Certificates or WebProject.
2. SSL/TLS is not broken, nor are the digital certificates issued by Comodo or Symantec brands.
3. Users of OpenSSL versions 1.0.1 through 1.0.1f with the heartbeat extension enabled are affected. OpenSSL version 1.0.1g addresses the vulnerability, as well as OpenSSL instances compiled without the heartbeat extension.
We run the security audits on all our servers and managed vps accounts - no issues found.
We are not aware of any attacks against us which exploited the bug, but will continue to perform ongoing security checks and monitor the situation for any new information on the Heartbleed bug that may become public.
What should you do?
The general recommendation from online security experts is to change your passwords as an added security measure, especially if you have used the same password on more than one site. It is a good idea to consider changing your passwords on a monthly basis.Regards,