Follow-up on Heartbleed SSL vulnerability

The Heartbleed bug made headlines this week; it is a bug that can have serious repercussions. One security researcher compared it to leaving your front door unlocked for the past two years: anyone could have entered your house (server) without your knowledge.

We acted quickly on Tuesday and addressed the issue:

  • We installed the bug fix for OpenSSL; a few of our Linux servers were affected. (The front door is now locked again)
  • We revoked all relevant security certificates and had new ones issued. (We changed the front door keys)

While we see no evidence of any logins or sensitive information being stolen, and while we think our servers and client websites are unlikely targets, we are following the advice of security experts. We hereby recommend that you change all passwords for mailboxes and control panels hosted by us:

  • Mailboxes: Log in to your cPanel and set new passwords for all the mailboxes. Alternatively, let each user in your organisation log in to his/her own mailbox via Webmail, and then change his/her password.
  • cPanel and FTP: While logged in to your cPanel, set a new password. This will affect both your cPanel and FTP logins. You can also set a new password via our Client Portal; use the Web Services menu to manage your service(s).
  • Client Portal: If you are the primary contact for your account, please log in to our Client Portal.

Beyond the services provided by ANNO Internet, you may also want to check your logins for online banking, social networking websites and elsewhere. The friendly folks at Mashable have a convenient summary of Heartbleed’s impact on popular services. See www.mashable.com/2014/04/09/heartbleed-bug-websites-affected for details.

A few tips from our side:

  • Always use strong passwords.
  • Avoid using the same password for multiple services.
  • Change your passwords from time to time.
  • Doing all of the above is painful. You can relieve some of that pain by using a password manager such as KeePass (available free of charge).

Rest assured that your information is safe on our servers. There is no reason for concern, but do be vigilant.