We would like to inform you about a recent and serious security vulnerability that has affected many websites across the internet.
A bug in the OpenSSL software package was discovered this week, it allows an unauthorized user to read the memory of the server OpenSSL is installed on, thereby gaining access to decryption keys which would give the unauthorized user the ability to read encrypted website traffic. Upon further analysis, it has been determined that this bug has existed since the 2012 release of OpenSSL, it has been dubbed the “heartbleed” bug due to it’s ability to read system memory (i.e. the “heart” of the server).
The status of our servers
It has been determined that NONE of Tech SourceHub’s web servers were running the vulnerable version of OpenSSL. We have determined that one of our application servers WAS running the vulnerable version of OpenSSL; we immediately patched the server upon notice of this bug.
What this means for you as a customer of another provider
If you have a website or server with another provider such as Google, iPage, GoDaddy, 1&1, Webs, Weebly, Hostgator, etc. Please check with them to determine if this vulnerability affected their servers. Also, please check with common online services you use such as but not limited to: online banking, email, social networks, etc. They will be able to inform you as to the status of their servers and the steps you should take if any unauthorized access was gained. Please see a list of vulnerable websites below. NOTE THAT THIS IS NOT A COMPLETE LIST.
Additional information on this bug and systems affected can be found atwww.heartbleed.com, a website specifically set up to cover this issue.
Thank you for reading this update in its entirety.
List of affected websites (some may already have been patched):