Register a one year .XYZ domain for just £1.99!chevron_right

close
Call us 7am - Midnight 01628 200 161My.Tsohostshopping_basket0 Item(s): £0.00
menuMenu

keyboard_backspaceBack to the Blog

Our Actions Against The Heartbleed Vulnerability

Posted 10th April, 2014 by Aliysa

As reported in the mass media this week, a vulnerability in OpenSSL has been discovered and disclosed, which endangers the security of data transferred over an SSL/TLS encrypted connection on the Internet. The vulnerability - named the Heartbleed Bug - is a programming mistake affecting certain versions of OpenSSL. As many websites use SSL, this is a significant vulnerability, because it means private information such as keys and passwords can be exposed, without the protection of encryption.

The majority of Tsohost servers were never vulnerable as they run versions of OpenSSL which do not contain this vulnerability. On Tuesday, before the vulnerability was announced in the mass media, we took immediate action and successfully patched any vulnerable servers on our network (Note: the Cloud remained largely unaffected by this bug). As we are a managed service provider, no action is required by Tsohost customers except in the case of dedicated/VPS where the customer has opted out and has root access.

The vulnerability has existed for approximately 2 years, therefore it's possible that people knew about it and have been exploiting it for some time, however, this is unlikely. Since we were largely unaffected by the vulnerability we will not be automatically re-issuing SSL certificates. However, if you wish for your certificate to be reissued, please contact our support team for this to be arranged, free of charge.

Since many sites across the internet were vulnerable, as an extra precaution, we suggest that you change your password for every online account that you have access to. This is always good practice and we further suggest that you continue to change your passwords on a regular basis.

If you have any questions or concerns regarding Heartbleed, please do not hesitate to contact our support team.

Categories: Tsohost News, Security

You may also like:

WHOIS Privacy Protection For UK Domain Names
WHOIS Privacy Protection For UK Domain Names
Cloud update: Free Let’s Encrypt SSLs now supported
Cloud update: Free Let’s Encrypt SSLs now supported
Linux Dirty Cow; Fixed
Linux Dirty Cow; Fixed
Data Centre Build: Phase Two
Data Centre Build: Phase Two
Fix and Protect Your Hacked WordPress Site
Fix and Protect Your Hacked WordPress Site
Magento Security Patch Released - Install Now
Magento Security Patch Released - Install Now

Cookies help us to deliver our services. By using our website, you agree to our use of cookies. Learn More

close