The ramblings of a developer
This week the internet was abuzz with news of a security exploit known as Heartbleed. We will like to take a moment to provide our input into this issue and what measures we've taken to keep you safe.
Heartbleed is a vulnerability in the implementation of OpenSSL. This software is used by a wide variety of servers and users across the entire internet. This comic provides an illustrated example of Heartbleed in action.
Heartbleed works by exploiting the heartbeat implementation in SSL. Here is a simple example based on the aforementioned XKCD comic:
Since there is no way to determine what is in memory at the time of exploit, it is possible that sensitive data including usernames and passwords is sent back to the attacker.
There is no evidence that anyone at Chillidog Hosting has fallen victim to this exploit. We have, however, taken the following precautions to keep you safe:
If you don't host with Chillidog, I highly recommend the following:
This emergency exploit did cause some downtime for users and I apologize for this. We were unable to provide advance notice for this. Given the severity of the situation, however, it was in everyone's best interest to address this as quickly as possible.
Thanks for everyone's understanding and please stay safe.
Your top dog, Greg