Heartbleed Bug

Holy shit! So every day, you use websites encrypted using OpenSSL to order things online, do your taxes, pay your bills, etc… Well, for the past 2 years, your information has been susceptible to hackers by means of a vulnerability known as “The Heartbleed Bug.” The news just broke yesterday. I didn’t know anything about it until I received an email from my bank stating:

[We are] aware of the “Heartbleed” bug. We are evaluating the situation and are prepared to execute any changes, if necessary, as quickly as possible. We are committed to protecting the security and integrity of your personal information and we will continue to update you if any further action is needed.

Now I found that a little disturbing. Enough so that I decided to dig a little and find out what this Heartbleed Bug was. This is what I found published yesterday on Time Magazine’s website:

Internet security experts are scrambling to assess the extent of the breach caused by a massive bug called Heartbleed in the OpenSSL technology that runs encryption for two-thirds of the web and went unnoticed for two years until last week

Naturally, as a person who runs his own websites, I was a little disturbed to say the least. Especially when I used this site to test whether or not my servers were susceptible to the attack. Lo and behold, they were. Well, my Linux-loving brethren were pretty snappy about putting out a fix. I patched my server and tested again to verify that it was, indeed, fixed. Not that my web servers are host to any potentially dangerous information, but it’s the principle.

So what should you do? Chances are, you haven’t been affected. It’s not the same as someone hacking into a server to steal information. It’s more like a hacker being able to peek in occasionally, and only see a tiny snapshot of what the server was processing at that exact same moment. However, it may be prudent to protect yourself. This article has some pretty sound advice on what to do.

 

Updated: Jackass Takes Down Godaddy DNS Servers

Update: Godaddy announced today (Sep 11, 2012) that it was an internal issue that caused the outage, and the punk hacker was just trying to make himself look cool by saying he did it. He’s still a jackass regardless.

So I’m wondering why in the hell some of my services hosted at home aren’t working anymore. Well, the answer is simple: some jackass decided to screw with Godaddy’s DNS servers, and all my domains are using Godaddy-hosted DNS servers.

Thanks a lot, jackass.

Well it looks like I’m going to have to do a little work to make my DNS structure a little more resilient to failure. Currently, Godaddy is a single point of failure for me. And here I thought I was in good shape because I was having them host it instead of doing it locally. Perhaps I’ll set up my own authoritative server and have Godaddy act as a secondary. Of course I’ll probably have to pay extra to do it that way. I would know for sure except that… well… Godaddy’s own site is down. I’ll bet they’re slightly more pissed off than I am.