Don't have an account? Create Now!


LoginLog in to manage your personal or business account with us.

Lost password?

Already have an account? Login in here


Sign upRegister now to gain access to applications, free credits and resources.

Forgot PasswordWe will reset your account and provide an email confirmation.

Heartbleed Bug

With news breaking on Monday, April 7th that HeartBleed causes a vulnerability in the OpenSSL cryptographic library, which is used by roughly two-thirds of all websites on the Internet, we want to update on how this bug may have impacted our Infrastructure and clarify the actions we’re taking to protect our Customers, Clients and Partners.

What is the Heartbleed Bug?

By sending a specially crafted packet to a vulnerable server running an un-patched version of OpenSSL, an attacker can get up to 64kB of the server’s working memory. This is the result of a classic implementation bug known as a Buffer over-read

There has been speculation that this vulnerability could expose server certificate private keys, making those sites vulnerable to impersonation. This would be the disaster scenario, requiring virtually every service to reissue and revoke its SSL certificates. Note that simply reissuing certificates is not enough, you must revoke them as well.

What has been done?

Unfortunately, the certificate revocation process is far from perfect and was never built for revocation at mass scale. If every site revoked its certificates, it would impose a significant burden and performance penalty on the Internet. So, we’ve spent a significant amount of time talking to our DataCenter partners in order to ensure that we can safely and successfully revoke and reissue our customers’ certificates.

While the vulnerability seems likely to put private key data at risk, to date there have been no verified reports of actual private keys being exposed. Our Partners and Us received early warning of the Heartbleed vulnerability and patched our systems 12 days ago.

We’ve spent much of the time running extensive tests to figure out what can be exposed via Heartbleed and, specifically, to understand if private SSL key data was at risk.

Heartbleed is being taken so seriously because OpenSSL is widely used, essentially no servers locally encrypt their data the way we do, and it’s been exploitable for some time; and your data is safe with us as we further extend our Infrastructure and Capabilities.

Privacy Preference Center

Strictly Required

Cookies that are required and necessary for the site to function properly and to ensure your security.

gdpr, localstorageCookie, userCurrency, buzzSpiffyPublocNonce, __cfduid
__cfduid

Registered Users

Cookies that are required and necessary for our blog, app or site and for your experience to be seamless.
* This affects only logged-in and registered users.

PHPSESSID, oneSpiffyNinjaNonce, wfwaf, wordpress_, wp-

Performance

These are used to track user interaction and detect potential problems. These help us improve our services by providing analytical data on how users use this site.

_ga, _gid, _gat
_ga, _gid, _gat

Shares