What You Need to Know (& Do) About the Heartbleed OpenSSL Security Bug

Dynadot
Apr 9, 2014

What is SSL?


You may have heard about the security bug named "Heartbleed" that affects SSL, which stands for secure sockets layer. SSL is the standard security technology used across the Internet to provide an encrypted link between a web server and a browser. You can recognize when a website uses SSL because their web address will start with https instead of http.

What is Heartbleed?


Heartbleed is a bug that has been found on OpenSSL. Basically, hackers can use Heartbleed to access information that should be encrypted such as passwords, emails, documents, or anything else that people send over web servers.

Is Dynadot - and, more importantly, are my domains - safe?


It has been said that up to 66% of the Internet is affected by Heartbleed. This is a huge breach in security. You may be wondering if your domains are safe with Dynadot. The answer is yes. We have already made necessary adjustments to combat the Heartbleed issue. Our website is safe and we will continue to monitor it.

Should I change my Dynadot account password?


Yes, we recommend changing your Dynadot account password as a precaution. See our help file on how to change your password.

I use SSL for my website! How can I protect my website?


For those of you who have purchased an SSL certificate through us (or anywhere else), here is what you need to know to keep your website safe:

1. Start by plugging in your website here to see if it's safe: http://filippo.io/Heartbleed/

2. If there is a problem, you can double check the version of OpenSSL on your server. If you administer your own server or you have SSH access, the command is openssl version. The affected versions are: 1.0.1-1.0.1f and 1.02-beta. The patched version is 1.0.1g.

3. Once you have finished upgrading/updating OpenSSL, you'll need to restart any services or programs that are using OpenSSL.

4. Then try plugging your website into http://filippo.io/Heartbleed/ again to see if it deems it safe.

5. If your website is deemed safe, you will need to have your SSL certificate reissued. If you have purchased your SSL certificate through us, all you need to do is email us at info@dynadot.com with your certificate signing request (CSR). Learn more about how to generate a CSR.

6. If your website was not deemed safe, repeat steps 2 and 3.*

*The steps may vary depending on your server. You may need to contact your web hosting company to see if they have issued any information about Heartbleed.

What about accounts I have on other websites that use SSL?


Since Heartbleed has been such big news, most websites that use SSL should already be aware of the issue and dealing with it. You can check if a website has already been deemed safe by using the link above. If it has been deemed safe, then you should change your password. Just make sure you check if the site is safe first because otherwise changing your password may not make a difference. If you are really worried, I would recommend contacting the company directly. You should also take a look at Mashable's Heartbleed Hit List of websites where you should change your passwords.

Post by Robyn Norgan

Comment
5 comments
seo_activist
Apr 9, 2014 4:07pm
Thanks for the update!
1 Reply
robynnorgan
seo_activist
Apr 9, 2014 4:38pm
You're welcome! We'll definitely post any additional updates here.
pyrex
Apr 9, 2014 7:46pm
Thanks for the heads up dynadot/Robyn. I definitely would have missed it.
1 Reply
robynnorgan
pyrex
Apr 10, 2014 3:41pm
You're welcome. We wanted to make sure our customers were informed, so you can stay safe on Dynadot as well as around the Internet. :)
mk-ultra
Aug 22, 2014 7:59pm
No system is safe :) Even sites like nasa.gov have passwords on their site which you can google in plaintext (maybe not of the spacestation, but its bad enough) Dont believe me? Look for yourself and google this: [url=https://www.google.com/search?num=100&newwindow=1&es_sm=122&q=site%3Awww.nasa.gov+intext%3Apassword&oq=site%3Awww.nasa.gov+intext%3Apassword&gs_l=serp.3...1883.5344.0.5441.16.16.0.0.0.0.82.583.16.16.0....0...1c.1.52.serp..16.0.0.KppZUT8SKI4]google search: site:www.nasa.gov intext:password[/url] Result: http://www.nasa.gov/centers/langley/news/releases/2011/11-070.txt Content: [quote] Please go to the following web site and enter in the username and password. SITE: https://webdrive.gsfc.nasa.gov/longauth/500/gary.banziger-1/cjw4a4C USERNAME: WaterBasinDrop PASSWORD: WaterBasinDrop For more information about NASA, visit www.nasa.gov. [/quote] [b]Beware: Dont actually try to login[b/] Conclusion: High profile websites that also create the most advanced technology in the world, sometimes mess up the simpler things in life. Heartbleed is just a hype at the moment (oke it needs to be fixed and brought to peoples attention, so kudos for that), but there is much more what people dont know, that is far worse, so dont get lazy :) Internet is not designed to be safe, a lot of protocols are from 1974, do not require any form of authentication, like the siemens sigmatic s7 PLCs in natanz, which was attacked by stuxnet, are in 80% of all elevators and factories in the world, your local powerplant and hospital etc. Keep it safe, and take care!