Neil LimWebnames.ca would like to notify all customers that our servers have not been affected by the Heartbleed SSL vulnerability and that your information, data and privacy remain uncompromised.
The Heartbleed SSL vulnerability is a serious bug that has affected the popular OpenSSL encryption software. The bug has compromised information that under normal circumstances is protected by powerful encryption. The compromised versions are OpenSSL version 1.0.1 to 1.0.1f.
How the bug works?
First of all, SSL and TLS certificates protect your information. You can verify whether or not a website has SSL or TLS if it has a “s” after http or if it has a green lock icon on the search bar. SSL and TLS encrypts and decrypts any data you transmit to the servers of any website you visit; this includes any emails, web servers and instant messaging services.
The bug is called Heartbleed because of a SSL/TLS protocol called a heartbeat – this protocol allows the SSL/TLS session to remain active even if no official data has been exchanged. The bug exposes the heartbeat extension to gain access to critical information found on the server’s memory. Information that can potentially be compromised include the encryption keys that are needed to decrypt sensitive information.
Once malicious third-parties have access to the encryption keys, they can gain access to A) the information of users of compromised websites, B) impersonate websites by initiating a heartbeat request to the computers of users and C) read past and future information exchanged.
What should vulnerable websites do?
For Webnames.ca SSL Certificate customers, you will fall into two categories:
A) If you are a Webnames.ca customer and if you have your SSL certificate hosted on our servers, you don’t need to take any additional action. Again, our systems were not compromised because of the OpenSSL version that we use.
B) If your SSL certificate is hosted on another system, there are three (3) steps you need to take. Note: these must be done in chronological order.
- Patch your OpenSSL version -> compromised version are 1.0.1 to 1.0.1f. Patch to 1.0.1g, which was released on April 7, 2014.
- Once patched, you can re-issue your SSL certificate to secure Additional information is available at our Webnames.ca SSL Guide – Reissuance.
- Change your password and login information.
Additional information
More information about the Heartbleed bug is available at www.heartbleed.com
For additional questions and further assistance, please contact us at 1-866-221-7878 or email support@webnames.ca