You've probably heard about the Heartbleed SSL security bug that surfaced earlier this week. It's an incredibly serious bug in OpenSSL, the software that powers around two-thirds of secure sites on the web, that can expose sensitive information. This post details the issue and what we're doing to protect your sites.

So, what’s Heartbleed?

Heartbleed is a bug in the underlying OpenSSL software that is used on most secure SSL sites on the internet. The bug allows attackers to read fragments of memory from the webserver, which can include very sensitive data such as login passwords, SSL encryption keys and credit card numbers: essentially any data that is sent to or processed by a secure website.

The bug has been in the OpenSSL software for about 2 years, though it only affects your website if you run a secure SSL site and the OpenSSL software is one of the particular versions affected by this bug. There is, unfortunately, no way to know if anyone has made an attack on a website via this method, since it leaves no traces. Now that the information about this issue is in the open, website and hosting providers are working to patch systems to ensure they are secure.

What we’re doing about it

This issue only affects a small number of our clients, all of whom we have contacted directly. Our hosting provider Rackspace is applying patches to the OpenSSL software to ensure it is no longer at risk of this bug.

For those clients with secure SSL sites running on affected OpenSSL software we will also do the following:

  • Regenerate SSL certificate keys; this is a preventative measure in case the keys have been compromised
  • Update our admin passwords to affected websites

What you need to do

If your website was affected you will have been contacted directly by Studio 24. We recommend you change your admin passwords to any affected websites immediately.

From a personal point of view, we strongly recommend you change your password on any sensitive web accounts you have. A list of websites known to be affected is linked below in the More info section. For example, Google and Facebook were affected, so if you have a Gmail or Facebook account you need to update your password. For those services that offer two-step authentication, we recommend you enable it. Both Facebook and Google offer two-step authentication.

More info