Perhaps many of you have heard about the so-called “Heart Bleed” bug, a recently discovered fundamental flaw found in OpenSSL, the software used by most web sites and servers to encrypt information exchanges on the Internet.
The Heartbleed bug could enable an attacker to directly read parts of the memory of a server, assuming it’s running a vulnerable version of OpenSSL and is configured in a certain way. Security researchers have shown that the bug can be exploited to reveal usernames and passwords, encryption keys, and anything else that’s transmitted or stored in the server’s memory.
Simply put, much of the sensitive data you’ve entered anywhere on the Internet via SSL may have been decrypted and read by someone with malicious intent. The important word here is “may”, as there is no evidence that this exploit was ever used by anybody anywhere.
Regardless of that, we take the possibility of an exploit very seriously, so as of April 8th all of MacHighway’s servers have been patched up with the fixed version of OpenSSL. Information transmitted via SSL to MacHighway servers is no longer vulnerable. However, as with the great majority of sites on the net, the information was vulnerable. While we have no evidence that any information has been compromised, the “better safe than sorry” approach is highly recommended.
Even though it is highly unlikely any information was compromised we do recommend changing your passwords (Client Area password, cPanel/FTP password(s), Email).
Mashable has created a list of recommended modifications for a list of popular sites on the Internet in relation to the Heartbleed vulnerability. I strongly recommend that you follow their advice and update passwords at the sites they mark as vulnerable.
