Our Actions Against The Heartbleed Vulnerability
Posted 10th April, 2014 by Aliysa
As reported in the mass media this week, a vulnerability in OpenSSL has been discovered and disclosed, which endangers the security of data transferred over an SSL/TLS encrypted connection on the Internet. The vulnerability - named the Heartbleed Bug - is a programming mistake affecting certain versions of OpenSSL. As many websites use SSL, this is a significant vulnerability, because it means private information such as keys and passwords can be exposed, without the protection of encryption.
The majority of Tsohost servers were never vulnerable as they run versions of OpenSSL which do not contain this vulnerability. On Tuesday, before the vulnerability was announced in the mass media, we took immediate action and successfully patched any vulnerable servers on our network (Note: the Cloud remained largely unaffected by this bug). As we are a managed service provider, no action is required by Tsohost customers except in the case of dedicated/VPS where the customer has opted out and has root access.
The vulnerability has existed for approximately 2 years, so it's possible that people knew about it and have been exploiting it for some time; however, this is unlikely. Since we were largely unaffected by the vulnerability, we will not be automatically re-issuing SSL certificates. However, if you wish for your certificate to be reissued, please contact our support team and this will be arranged free of charge.
Since many sites across the internet were vulnerable, as an extra precaution, we suggest that you change your password for every online account that you have access to. This is always good practice and we further suggest that you continue to change your passwords on a regular basis.
If you have any questions or concerns regarding Heartbleed, please do not hesitate to contact our support team.
Categories: Tsohost News, Security