The Heartbleed Bug
Customers concerned about the recently publicised Heartbleed Bug in OpenSSL have been contacting Azexis today for reassurance. With such a crucial bug affecting over 60% of the web we wanted to publish this post to reassure customers "yes, we've got things in hand".
It is rare that security issues reach general media, which highlights the severity and spread of the issue.
The bug in OpenSSL itself could have enabled attackers to obtain data stored in system memory, which means sensitive information could have been at risk . Whilst it is unlikely Azexis were compromised w e are continuing to look through our system logs to determine if the vulnerability in OpenSSL was exploited. However, attack vectors are untraceable and it is unlikely we will ever know if any of our sites had been compromised. So precautionary measures are in hand.
Was my site affected?
in short, yes. We utilise OpenSSL technology on all of our servers and as such all sites were affected by the reported bug in SSL. However, we'd like to stress that though the vulnerability existed it may not have been exploited.
Has Azexis fixed it?
Yes, we fixed the issue within 24 hours of the availability of a fix.
If you'd like to test your site you can do so at http://filippo.io/Heartbleed/
What do you need to do?
we advise that you change your administration passwords for Evance or any other
control panel on our systems. You may also wish to advise your customers and change
passwords on other systems/sites.
A helpful article may be found at http://mashable.com/2014/04/09/heartbleed-bug-websites-affected