On April 7th, a significant vulnerability was found in OpenSSL which is a library used to encrypt connections for the majority of websites on the internet. The Heartbleed bug as it's been coined would allow an attacker to read the keys that protect communication of a vulnerable server. This is a significant bug which has had website companies all over globe racing to update their systems.
What has Fitz Designz done about this?
Security always takes top priority for us and a severe vulnerability in a 3rd party library prompts us to drop everything and respond to protect the security of our clients.
To summarise our actions:
- We've updated all our systems using the newer, protected versions of OpenSSL which closed the vulnerability within a few hours of the vulnerability being made public.
- We've also re-issued our SSL certificates with new keys as a simple precautionary step.
- We've expired all browser sessions that were active prior to the vulnerability being addressed on our servers.
The bug was resolved promptly on all Fitz Designz' sites and we don't have any indication that the attack has been used against our systems.
If you have any concerns or questions, please get in touch.