Secu­rity Notices

Secu­rity notices for SHORELESS related sys­tems and appli­ca­tions .

  • The Heartbleed bug didn't affect our clients

    The Heart­bleed bug was dis­closed on 1st of April 2014. This mas­sive secu­rity vul­ner­a­bil­ity in OpenSSL pro­to­col has been pre­sent since the relase of OpenSSL ver­sion 1.0.1 on March 2012. While it left peo­ple scram­bling to change their pass­words left, right and cen­ter, we'd like to inform our cus­tomers, that our web­sites and the man­aged host­ing accounts have been save and secure.

    Our servers used OpenSSL ver­sion 1.0.0 and 0.9.8 which where not affected by the Heart­bleed bug . To ensure none of our cer­tifi­cates have been com­pro­mised dur­ing its issu­ing process on third party servers and com­mu­ni­ca­tion chan­nels, we renewed all our SSL certfi­cates.

    What should you/your customers do next?

    No data on our servers has been breached. The cer­tifi­cates on your man­aged host­ing have been reis­sued as well. You don’t need to take any action regard­ing our site or ser­vices. How­ever, this bug has been out there for a long time and it's pos­si­ble that sites you or your cus­tomers reg­u­larly visit would be sus­cep­ti­ble the vul­ner­a­bil­ity.

    You can check whether or not sites are sus­cep­ti­ble using this tool: http://fil­ippo.io/Heart­bleed/

    We rec­om­mend you and your cus­tomers gen­er­ate new pass­words for any web­site in which sen­si­tive infor­ma­tion is stored, such as email, bank­ing, etc. How­ever, you should wait until these sites have updated their OpenSSL ver­sion and replaced their cer­tifi­cates with new cer­tifi­cates being issued on 8th of April 2014 or later.