What You Need to Know (& Do) About the Heartbleed OpenSSL Security Bug
What is SSL?
You may have heard about the security bug named "Heartbleed" that affects SSL, which stands for secure sockets layer. SSL is the standard security technology used across the Internet to provide an encrypted link between a web server and a browser. You can recognize when a website uses SSL because their web address will start with https instead of http.
What is Heartbleed?
Heartbleed is a bug that has been found on OpenSSL. Basically, hackers can use Heartbleed to access information that should be encrypted such as passwords, emails, documents, or anything else that people send over web servers.
Is Dynadot - and, more importantly, are my domains - safe?
It has been said that up to 66% of the Internet is affected by Heartbleed. This is a huge breach in security. You may be wondering if your domains are safe with Dynadot. The answer is yes. We have already made necessary adjustments to combat the Heartbleed issue. Our website is safe and we will continue to monitor it.
Should I change my Dynadot account password?
Yes, we recommend changing your Dynadot account password as a precaution. See our help file on how to change your password.
I use SSL for my website! How can I protect my website?
For those of you who have purchased an SSL certificate through us (or anywhere else), here is what you need to know to keep your website safe:
1. Start by plugging in your website here to see if it's safe: http://filippo.io/Heartbleed/
2. If there is a problem, you can double check the version of OpenSSL on your server. If you administer your own server or you have SSH access, the command is openssl version. The affected versions are: 1.0.1-1.0.1f and 1.02-beta. The patched version is 1.0.1g.
3. Once you have finished upgrading/updating OpenSSL, you'll need to restart any services or programs that are using OpenSSL.
4. Then try plugging your website into http://filippo.io/Heartbleed/ again to see if it deems it safe.
5. If your website is deemed safe, you will need to have your SSL certificate reissued. If you have purchased your SSL certificate through us, all you need to do is email us at firstname.lastname@example.org with your certificate signing request (CSR). Learn more about how to generate a CSR.
6. If your website was not deemed safe, repeat steps 2 and 3.*
*The steps may vary depending on your server. You may need to contact your web hosting company to see if they have issued any information about Heartbleed.
What about accounts I have on other websites that use SSL?
Since Heartbleed has been such big news, most websites that use SSL should already be aware of the issue and dealing with it. You can check if a website has already been deemed safe by using the link above. If it has been deemed safe, then you should change your password. Just make sure you check if the site is safe first because otherwise changing your password may not make a difference. If you are really worried, I would recommend contacting the company directly. You should also take a look at Mashable's Heartbleed Hit List of websites where you should change your passwords.
Post by Robyn Norgan