Shawn McCabe
Author Shawn McCabe
CTO
Posted in Development
April 9, 2014
read
Back to blog

The Heartbleed Bug - What you need to know!

You may have heard of the "Heartbleed" security issue, which is affecting many sites across the internet, including enormous entities such as the Canadian Revenue Agency, Yahoo, Facebook, etc. This is a vulnerability in the encryption setup, which can let an attacker view random snippets of memory from the affected server. In other words, this is a huge potential security breach. These memory snippets could contain any data from your server, including logins, passwords and encrypted keys. The nature of the vulnerability also means it is impossible to confirm if you have been victimized or not. Not only is it important to fix the problem, but reset your passwords as well.

Acro Media has patched all of our servers already and we are no longer vulnerable to the exploit. We are also in the process of regenerating all SSL Certificates, as the vulnerability makes it possible that they were compromised. Thawte, our SSL signing authority is helpfully providing re-issues of all SSL Certs free of charge, so if you bought your SSL cert through Acro Media you're already covered.

If you don't host with Acro Media we highly recommend that you check with you hosting provider to make sure you are not vulnerable to this very serious bug. Below we have included a few informative links as well as a link to test your site to see if you are affected. If you do not host with us and need assistance Acro Media can provide consulting to help you either fix the issue or find out whom to contact.

As this bug affects many sites on the internet, it is recommend to change any important online passwords you have, as those sites may also have been affected.

Please do not hesitate to contact your Account or Project Manager to assist you with any questions or concerns you may have.

Acro Media acted quickly to ensure that we addressed and corrected what was needed ensure that you and all of our clients have not been effected.

Your Acro Team!

Beware of P.O.O.D.L.E, SSLv3 Vulnerability & Security Update

So the hip new thing is to give big security vulnerabilities silly nicknames, hence the "Padding Oracle On Downgraded Legacy Encryption" -> POODLE ...
Keep Reading »

How Attending DrupalCon Events Changed our Business

New Orleans. NOLA. The pilgrimage to DrupalCon 2016. Six Canadians making the journey from a well established Drupal Commerce development agency…. ...
Keep Reading »

Open source is teaching others to fish

Mentoring the 2018 Nashville Drupalcon Sprint I don’t have the patience to fish. But I was once taught how to “fish” (contribute to open source) and ...
Keep Reading »

Fields marked with * are required.

×
×