My AppsSwitch between Apps with just a click

Jobs AppGet your projects and tasks done by professionals worldwide with just a tap! I Am NinjaApply to Become a Ninja! Open yourself to possibilities and opportunities worldwide Buzz AppLocal & Social Buzzing - Find out the latest hype around you! Wedding AppManage wedding RSVPs, vendors, quotes, invoices and more! Cloudlets AppBuild and create beautiful apps, platforms and websites simply and with Ninja Mojo! Cloudlet Creator3 steps to creating your cloud website or app. Quickly get up and running! Cloudlet ManagerManage and administer your cloudlets quickly and painlessly. CloudSpiffyDomains, VPS, Shared Hosting, Cloud SSDs, Business Emails under one roof. MojoBuilderBuild beautiful profiles and single page websites without a single line of code! Terms AppProviding access to contracts, terms & policies templates. My ProfileManage and update your personal, account and business profiles. MembershipExtend, manage and upgrade your membership with us! My CreditsTopup and manage your credits. Your spiffy mobile wallet on the go!

My SettingsManage Your Guest Profile

Currency

My MenuLet us help you navigate.

Don't have an account? Create Now!


Login

Lost password?
(close)

Already have an account? Login


Signup

(close)

Forgot Password

(close)

Heartbleed Bug

General News Social

With news breaking on Monday, April 7th that HeartBleed causes a vulnerability in the OpenSSL cryptographic library, which is used by roughly two-thirds of all websites on the Internet, we want to update on how this bug may have impacted our Infrastructure and clarify the actions we’re taking to protect our Customers, Clients and Partners.

What is the Heartbleed Bug?

By sending a specially crafted packet to a vulnerable server running an un-patched version of OpenSSL, an attacker can get up to 64kB of the server’s working memory. This is the result of a classic implementation bug known as a Buffer over-read

There has been speculation that this vulnerability could expose server certificate private keys, making those sites vulnerable to impersonation. This would be the disaster scenario, requiring virtually every service to reissue and revoke its SSL certificates. Note that simply reissuing certificates is not enough, you must revoke them as well.

What has been done?

Unfortunately, the certificate revocation process is far from perfect and was never built for revocation at mass scale. If every site revoked its certificates, it would impose a significant burden and performance penalty on the Internet. So, we’ve spent a significant amount of time talking to our DataCenter partners in order to ensure that we can safely and successfully revoke and reissue our customers’ certificates.

While the vulnerability seems likely to put private key data at risk, to date there have been no verified reports of actual private keys being exposed. Our Partners and Us received early warning of the Heartbleed vulnerability and patched our systems 12 days ago.

We’ve spent much of the time running extensive tests to figure out what can be exposed via Heartbleed and, specifically, to understand if private SSL key data was at risk.

Heartbleed is being taken so seriously because OpenSSL is widely used, essentially no servers locally encrypt their data the way we do, and it’s been exploitable for some time; and your data is safe with us as we further extend our Infrastructure and Capabilities.

Shares