We have notified all clients by email on 9th April about a security update that we’ve applied to all our website recently. This is a particularly important update, which is why we’re taking the additional step of posting the notification here.

On 7th April 2014, a major vulnerability was announcing in a software library called OpenSSL. This library is used to establish secure communications (SSL) between a web browser and a server, and is used by just about every major vendor on the market. The issue is extremely serious, and can compromise the security keys (the server equivalent of a password) that protect SSL connections, meaning that things normally protected by SSL such as financial information or password could be exposed. The range of devices potentially affected include computers, smart phones, modems, web servers, financial systems, and any other system that uses OpenSSL to provide SSL connections.

Fortunately, most vendors are quickly producing updates to fix this issue, and we can confirm that the web server that runs your website has been updated so it is not vulnerable to this issue. We have also taken the additional step of reissuing all SSL certificates for both our cPanel services and our client websites (if you have an SSL certificate for financial transactions), which is the recommended action to ensure that no compromise of data occurred between the time of the vulnerability being discovered and the update being applied. Some experts are recommending an additional step of changing website passwords that are hosted on servers that were vulnerable to the exploit, if you want to take this step you can follow the guide to changing various passwords on our website at http://www.guydesigns.com.au/changing-account-passwords/

There is no further action required on your behalf, this notification is just to inform you of the security update. Over the coming days you may hear more about this security issue (referred to as the “Heartbleed” exploit) in the media, and we wanted to ensure that you knew that your website was protected from this issue.

If you want more information on the exploit, we suggest you read the information at this link: http://heartbleed.com/. If you want to check if another site you own or visit is vulnerable to the exploit, you can use this site to check: http://filippo.io/Heartbleed/

If we can provide you with any more information, or be of more assistance, please contact us.