The Chillidog Software Blog

The ramblings of a developer

Chillidog Watchdog: Keeping You Safe from Achy Breaky (Bleeding) Hearts

This week the internet was abuzz with news of a security vulnerability known as Heartbleed. We would like to take a moment to give our view on this issue and explain what measures we've taken to keep you safe.


What is Heartbleed?

Heartbleed is a vulnerability in OpenSSL, a cryptographic library used by a wide variety of servers and clients across the entire internet. This comic provides an illustrated example of Heartbleed in action.

How does Heartbleed work?

Heartbleed works by exploiting a bug in OpenSSL's implementation of the SSL/TLS heartbeat extension. Here is a simplified example based on the aforementioned XKCD comic:

  • The attacker sends a heartbeat request containing the word "hello" and asks the server to echo it back.
  • The server should respond with the same "hello".
  • The attacker then sends "hello" again, but this time claims the message is arbitrarily long, far longer than the few bytes actually sent.
  • The server trusts the claimed length and responds with "hello" followed by whatever else happens to be in its memory, up to the length requested.

Since there is no way to know what is in the server's memory at the time of the exploit, sensitive data, including usernames and passwords, may be sent back to the attacker.
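To make the missing check concrete, here is a small C model of a heartbeat handler. It is an added example for this post, not OpenSSL's code: the record layout is simplified, the "process memory" is a fixed buffer, and the leftover "user=alice&password=hunter2" data is constructed for the demo. The vulnerable handler copies as many bytes as the peer claims; the fixed handler refuses a claim that does not fit inside the bytes actually received.

```c
/* Toy model of a TLS heartbeat handler (added example, not OpenSSL code).
 * Simplified record layout:
 *   byte 0    : message type (1 = request)
 *   bytes 1-2 : payload length claimed by the sender (big-endian)
 *   bytes 3.. : payload
 *   16 bytes  : padding
 * The simulated memory and the leftover "secret" are constructed for the demo. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define SIM_MEM_SIZE 256
#define HB_HEADER    3
#define HB_PADDING   16

/* Simulated process memory: the incoming record is placed at offset 0 and
 * leftover data from an earlier request (constructed) sits right after it. */
unsigned char sim_mem[SIM_MEM_SIZE];

/* Stage a heartbeat request whose payload is "hello" but whose length field
 * claims `claimed_len` bytes. Returns the number of bytes actually received. */
size_t stage_request(uint16_t claimed_len) {
    static const char payload[] = "hello";
    static const char leftover[] = "user=alice&password=hunter2"; /* constructed */
    size_t plen = sizeof(payload) - 1;
    size_t rec_len = HB_HEADER + plen + HB_PADDING;

    memset(sim_mem, 0, sizeof sim_mem);
    sim_mem[0] = 1;                                   /* heartbeat request */
    sim_mem[1] = (unsigned char)(claimed_len >> 8);   /* claimed length, high byte */
    sim_mem[2] = (unsigned char)(claimed_len & 0xff); /* claimed length, low byte */
    memcpy(sim_mem + HB_HEADER, payload, plen);
    memcpy(sim_mem + rec_len, leftover, sizeof(leftover) - 1);
    return rec_len;
}

/* Vulnerable pattern: copies as many bytes as the peer claims, never
 * comparing that claim against how many bytes actually arrived (rec_len). */
int heartbeat_vulnerable(const unsigned char *rec, size_t rec_len,
                         unsigned char *out, size_t out_cap) {
    (void)rec_len; /* the received length is ignored: that is the bug */
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    /* Demo-only guard so the simulation never reads outside sim_mem;
     * the real vulnerable code had no such check. */
    if (claimed > out_cap || HB_HEADER + (size_t)claimed > SIM_MEM_SIZE)
        return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (int)claimed;
}

/* Hardened version: header + claimed payload + padding must fit inside the
 * record that was actually received; otherwise the request is dropped. */
int heartbeat_fixed(const unsigned char *rec, size_t rec_len,
                    unsigned char *out, size_t out_cap) {
    if (rec_len < HB_HEADER + HB_PADDING)
        return -1; /* too short to carry a length field and padding */
    uint16_t claimed = (uint16_t)((rec[1] << 8) | rec[2]);
    if (HB_HEADER + (size_t)claimed + HB_PADDING > rec_len)
        return -1; /* peer asked for more than it sent: discard */
    if (claimed > out_cap)
        return -1;
    memcpy(out, rec + HB_HEADER, claimed);
    return (int)claimed;
}

/* Returns 1 if the constructed leftover data shows up in a reply buffer. */
int reply_leaks_secret(const unsigned char *out, size_t n) {
    static const char marker[] = "password=";
    size_t mlen = sizeof(marker) - 1;
    for (size_t i = 0; i + mlen <= n; i++)
        if (memcmp(out + i, marker, mlen) == 0)
            return 1;
    return 0;
}

int main(void) {
    unsigned char out[SIM_MEM_SIZE];
    size_t n;

    n = stage_request(5);      /* honest request: claimed length matches payload */
    printf("honest   vulnerable=%d fixed=%d\n",
           heartbeat_vulnerable(sim_mem, n, out, sizeof out),
           heartbeat_fixed(sim_mem, n, out, sizeof out));

    n = stage_request(64);     /* malformed: claims 64 bytes, sends 5 */
    int v = heartbeat_vulnerable(sim_mem, n, out, sizeof out);
    printf("oversize vulnerable=%d leaks=%d fixed=%d\n",
           v, reply_leaks_secret(out, (size_t)v),
           heartbeat_fixed(sim_mem, n, out, sizeof out));
    return 0;
}
```

For the honest request both handlers echo the five-byte payload. For the malformed one the vulnerable handler returns 64 bytes, and the constructed leftover data from the simulated memory is part of that reply; the fixed handler returns -1 and sends nothing, which is the whole of the patch that closed Heartbleed: compare the claimed length against the received length before copying.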

What have we done to help keep you safe?

There is no evidence that anyone at Chillidog Hosting has fallen victim to this exploit. We have, however, taken the following precautions to keep you safe:

  • We immediately upgraded all of our servers to the latest version of SSL.
  • We have revoked and re-issued our SSL certificates.
  • We have installed these new SSL certificates for all of our services including control panel and mail.
  • We have changed our administrative passwords.

What should I do if I don't host at Chillidog?

If you don't host with Chillidog, I highly recommend the following:

  • Contact your hosting provider and ask what they have done to protect you from Heartbleed.
  • If you own your own SSL certificate, revoke it, order a free re-issue (using a newly generated private key, since the old one may have been exposed), and install the new certificate in place of your existing one.
  • At the very least, change your control panel password.

This emergency exploit did cause some downtime for users and I apologize for this. We were unable to provide advance notice for this. Given the severity of the situation, however, it was in everyone's best interest to address this as quickly as possible.

Thanks for everyone's understanding and please stay safe.

Your top dog, Greg