Blog

Security Notice, HeartBleed Bug

Here at JamJo we take security very seriously. As has been made public through many media agencies on April 7th we have been assessing the impact to our customers of CVE-2014-0160 , known colloquially as Heartbleed . We join nearly every service provider on the Internet responding to this critical vulnerability in OpenSSL’s handling of heartbeat packets and conducted a comprehensive security review in response of all our customers using our maintenance, support and hosting plans. The results of which are very positive as our network service providers were checked and tested for vulnerable versions of OpenSSL and our service is not served through products that were discovered to be vulnerable. If you are hosting directly with JamJo you have nothing more to do here.

However, many of our customers host their JamJo websites with hosting providers that were affected by this vulnerability because this vulnerability is large scale and very massive in terms of the amount of websites it has effected as you can read further on BBC.

With this in mind we urge all customers hosting their website with a different hosting provider to please ask their hosting provider if they are running the latest version of OpenSSL released on April 7th. This is important as your website login details potentially may have been exposed. There is no evidence to suggest that any website was compromised in any way due to this vulnerability, however, out of an abundance of caution, we’re urging our customers who have reset their passwords recently or logged in via their website and who are not hosting directly with us to take some additional steps to ensure the security of their websites.

Here is a handy little test a client of ours made us aware of, just put your website in here and click go: http://filippo.io/Heartbleed/

No comments yet.

Leave a Reply

Top