You Should Know | Apr 10, 2014
On April 7th 2014 OpenSSL published a security bulletin notifying users of a bug in its SSL/TLS library used by over 66% of internet sites. The bug is noted on OpenSSL's website asÂ CVE-2014-0160, also known as the 'Heartbleed Bug'. The e-works media, inc. hosting servers all employ the OpenSSL library for secure connections. The next day, April 8th 2014, the OpenSSL library for the platform our hosting servers run on was patched to fix this bug and we immediately updated all hosting servers with the fix.
This bug has been in the wild for over 2 years, so it's safe to assume it's been used as an attack vector in that span of time. The bug allowed attackers to siphon 64k of data on each 'heartbeat'. This would allow them to steal the private keys associated to the SSL Certificate being served and act as a passive man-in-the-middle on the connection and steal the information transferred over it. Due to the length of time this bug has been in the wild, it's possible an attacker can have a full copy of a web server by now. To be completely certain you and your site users are protected going forward, we recommend you revoke all current SSL Certificates for any domains you host with us and issue new certificates and change all passwords associated to your web server; CMS, Hosting Control Panel, Email, etc.
What do I do next?
Change all passwords to your CMS, Email accounts, Hosting Control Panel, and any other passwords associated to your web server. If you need assistance doing so, please email and we'll be happy to help.
If you purchased your SSL Certificate through e-works media, inc., please email Â and ask us to revoke your current SSL Certificate and issue you a new one. You will incur a cost for purchasing a new SSL Certificate.
If you purchased your SSL Certificate through a 3rd-party, you should contact them and have them revoke your current SSL Certificate and issue you a new one. Once the new certificate is issued, please email with the certificate and we'll take it from there.