The “Heartbleed” Bug
What is it?
If you have listened to or read the news lately, you may have heard about “Heartbleed”. Heartbleed is the term coined for a vulnerability in OpenSSL. OpenSSL is a security library, a piece of code that is commonly used to provide security on servers, internet appliances, and web sites. The vulnerability allows criminals to steal information from affected servers and other devices. OpenSSL is commonly used in Linux servers, and the vulnerability is said to affect about 60% of all web sites on the internet.
How did it affect Lanex?
When Lanex became aware of Heartbleed on Monday, April 7th, 2014, we looked at the Linux servers that we host. We were able to determine that 3 of our publicly accessible servers could be affected by Heartbleed, and upon analyzing these we found that 2 of them were in fact affected.
On Monday evening, OpenSSL released a patch, and this was followed by updated software from our Linux vendor. On Thursday morning we patched the first of the servers and the patch was successful. As is our practice, we did not patch the second affected server at that time because the morning service window had expired. In the evening, we attempted to patch the second affected server. We determined later that evening that, due to the Linux version and the versions of other software on the server, this server couldn’t be patched.
We then built a new virtual server overnight that had all the updated security patches. On Thursday morning we looked at the severity of the issue. Since exploits had been seen elsewhere, we determined that we would need to shut down the affected server and move all of the sites to the new server. It was “All Hands on Deck” for the Lanex team as we moved sites during the day. We really appreciate everyone’s understanding as you may have had a service outage during that time.
What does it mean to you?
From our observations of our servers and traffic, we do not see any indication that our servers were attacked before patches were in place. If your web site is hosted on a Windows server (.NET, ColdFusion, Classic ASP), then your site was never at risk. If you do have a WordPress site that was hosted on either of the two affected servers, we have no indication that any data was accessed. Nonetheless, it is a smart idea to change passwords occasionally, and in this case, if you use your password on other sites that might have been compromised, it is in your best interest to change it.
If you have specific questions, please feel free to contact us.
For more information, here is some media coverage of Heartbleed.
- Sort of technical but explains it http://heartbleed.com/
- A more comprehensive look http://www.reuters.com/article/2014/04/10/us-cybersecurity-internet-bug-idUSBREA3804U20140410
- And more of a consumer view http://www.cnn.com/2014/04/09/opinion/wisniewski-heartbleed-bug-endangers-all/index.html?hpt=hp_t4