Blog

OpenSSL usage on OSS-hosted and managed sites and Heartbeat vulnerability question.

Apr 10th, 2014 by Roman Blanyar

Heartbeat vulnerability is an exploit within OpenSSL, an open-source implementation of the SSL and TLS protocols.

Off-Site Services, Inc. (OSS) does not use OpenSSL certificates on any of the sites it hosts and manages.  OSS uses OpenSSL to generate CSR public key containing non-sensitive information about the site, and a private key, which is not distributed to anyone outside OSS.  This information is then used to generate and purchase an SSL certificate from one of the major SSL providers, such as Thawte, Verisigin, or Geotrust.  

As of 4/9/14, all required patches and updates were applied to OpenSSL on all servers managed and hosted by OSS.  However, on 4/10/14, Symantec issued an update to their advisory, suggesting that all existing certificates are replaced and re-keyed (http://www.symantec.com/connect/blogs/heartbleed-openssl-take-action-now).

In light of this new advisory, we suggest all of our customers currently hosting their sites with OSS or having OSS manage their site replace their SSL certificates.  Please contact your OSS representative if you require a new CSR key.

Categories:

wordpressSEOweb designWeb DevelopmentHTML5productionresponsive designDrupalADAcompliancesecurityPhotoshopCSSTestingdesigngooglebeta testingquality controltoolsharness-bautomationtypographyGoogle AnalyticsmarketingFlashproduction tipsfontsweb imagesite speedweb preflightthemeswebsite buildingmodulestechnologiesJavaScriptfirefoxbrowserintegrationsMicrosoftAdobe MuseSSLIE8Applemobile websiteapp developmentplug-inAPIQAserver securityweb standardsE-commerceiOSInDesignWordpress pluginsOpenSSLAdvertisingJSONmobile devicestabletsAdobe AirRIAsBacklinksInteraction MetricsLong TailExporting from InDesign to PhotoshopInDesign to Photoshop conversionresponsive buildhorizontal layoutAdobeICANNcustom domain suffixesdevelopmentwireframeaugmented realityweb development awardprogramming awardPhotoshop Layer compsdesign best practicesmobile app challengeapp lifespannon-Flash animationHTML5 animationAdobe EdgeiPad screen templategTLDsweb awardvertical layoutvideo playbackfaildudrevolutionary softwareInDesign to HTMLcommunicationclienthtmlimage sizesoftwareimage compressionweb compatibilitybreakpointresponsive statePDFAdobe Edge ReflowconvertingEdge ReflowParfaitweb design softwareogvcloudawardhostseleniumFoundationBootstrapCKEditor3rd partyAppleScriptecommercetechnologycollaborateupdatevulnerabilityCMSwebsiteiPhoneCSS3Ps. and CSS HatProject Parfaithigh fidelityconceptcodecwebmformatweb developerssidney garberVideos and animations3D views of modelsDetroit Diesel CorporationMercedes-BenziTunescustom fontsHTML4web-fontsRGBweb colorsrelationship marketingOSSW3Cfragmented technology landscapeAndroidvideo sizegammamp4microsoft’s project natalUDIDvideoCVE-2014-0224integrationLinkedInFacebookWindows XPInternet Explorer 8interactive banner adsbrochurewaresony playstationinstant video playback solutionHeartbeatonline subscriptionWebOSabletCMS for Flashoptimizednintendo wiioutsourcing
Max's interview for Sonntags Zeitung

Jan 25th, 2012 by Max Tokman

http://info.sonntagszeitung.ch/archiv/detail/?newsid=201959   The just of Max's responses was that HTML5 is gaining ground due to the explosive growth in the market share of tablets and other mobile devices, which do not use Flash, and HTML5 with its features is well suited to replace Flash. This forces make

Harness-B for Basecamp Classic now allows others to see your workload!

Jan 13th, 2016 by Max Tokman

If you get swamped with tasks, let your slacker colleagues see your workload and take up some of the burden.  Whether they’ll do it is another matter entirely. Tip of the hat to Bryan Kuester for suggesting this feature.