Blog

OpenSSL usage on OSS-hosted and managed sites and Heartbeat vulnerability question.

Apr 10th, 2014 by Roman Blanyar

Heartbeat vulnerability is an exploit within OpenSSL, an open-source implementation of the SSL and TLS protocols.

Off-Site Services, Inc. (OSS) does not use OpenSSL certificates on any of the sites it hosts and manages.  OSS uses OpenSSL to generate CSR public key containing non-sensitive information about the site, and a private key, which is not distributed to anyone outside OSS.  This information is then used to generate and purchase an SSL certificate from one of the major SSL providers, such as Thawte, Verisigin, or Geotrust.  

As of 4/9/14, all required patches and updates were applied to OpenSSL on all servers managed and hosted by OSS.  However, on 4/10/14, Symantec issued an update to their advisory, suggesting that all existing certificates are replaced and re-keyed (http://www.symantec.com/connect/blogs/heartbleed-openssl-take-action-now).

In light of this new advisory, we suggest all of our customers currently hosting their sites with OSS or having OSS manage their site replace their SSL certificates.  Please contact your OSS representative if you require a new CSR key.

Categories:

wordpressSEOweb designDrupalADAWeb DevelopmentproductionHTML5responsive designcompliancesecurityCSSdesignTestingPhotoshopproduction tipsFlashtoolsgoogletypographyGoogle Analyticsmarketingautomationharness-bbeta testingbrowserSSLE-commerceiOSweb standardsplug-infirefoxQAwebsite buildingapp developmentweb preflighttechnologiesJavaScriptthemesintegrationsAdobe MuseAPImobile websiteAppleweb imagesite speedfontsquality controlMicrosoftmodulesOpenSSLserver securityIE8Androidtabletsmobile devicesclientcommunicationimage compressionimage size cloudPDFresponsive statebreakpointInternet Explorer 8Windows XP FacebooktechnologyWebOSLong TailInteraction MetricsLinkedInhostsoftwareAdvertisingJSONapp lifespanabletmobile app challengeRGBgammacodecvideo sizeinstant video playback solutionBacklinksweb colorsvideo playbackintegration3rd partyParfaitvertical layoutiPad screen templatehorizontal layoutcustom fontsweb-fontsnon-Flash animationHTML5 animationEdge ReflowAdobe Edgeoptimizeddevelopmentresponsive buildAdobeCMS for FlashHTML4interactive banner adsWordpress pluginsconvertingfailseleniumW3Csony playstationnintendo wiiaugmented realityVideos and animations3D views of modelsDetroit Diesel CorporationMercedes-BenziTunesfragmented technology landscapeUDIDInDesign to Photoshop conversionExporting from InDesign to Photoshophtmlweb design softwareweb compatibilitynDesignRIAsAdobe AiroutsourcingCVE-2014-0224dudInDesignformatvideowireframeCMSwebsiteiPhonebrochurewareweb development awardmp4web awardweb developerssidney garberhigh fidelityawardupdatevulnerabilityCKEditorAdobe Edge Reflowprogramming awardrevolutionary softwarewebmonline subscriptionInDesign to HTMLFoundationBootstrapICANNgTLDscustom domain suffixesPhotoshop Layer compsdesign best practicesogvHeartbeatcollaborateconceptOSSrelationship marketingCSS3Ps. and CSS HatProject ParfaitAppleScriptecommercemicrosoft’s project natal

May 28th, 2014 by Max Tokman

On April 8, 2014, Microsoft officially ended support for Windows XP operating system, which was a long time coming - after all, those Windows 8.1 packages are not going to sell themselves. With that, the entire suite of software products associated with older OS, including IE8, lost support and future critical up...

Nov 22nd, 2013 by Max Tokman

Our approach to frameworks is that there's a tool for every job. In case of WordPress, it is a very good solution for very simple sites based on an existing theme, with functionality and layout requirements not exceeding theme's original capabilities. It works particularly well for blogs and small informati...