Proactively Dealing with Heartbleed for our Clients


Earlier this week, security researchers discovered a vulnerability in the open-source OpenSSL encryption software. You may have heard about this vulnerability, called “Heartbleed”, as news has spread worldwide with many prominent web services taking action.

OpenSSL is cryptographic software that secures private communication on websites through the HTTPS protocol and is reportedly in use on roughly two thirds of websites. It is important to be clear that the bug affects only certain versions of the software (1.0.1 and 1.0.2-beta releases, with 1.0.1g being the patched version).

Upanup Studios manages a number of different web servers for our internal use and for hosting our clients' websites and apps. A number of these use OpenSSL, although in most cases we weren't using the affected version. In these cases, for the majority of our clients we have assurance that the vulnerability was not exploited. Regardless, we are actively re-keying SSL certificates and upgrading OpenSSL (where possible) as a precautionary measure.

For the one server we utilize that had the vulnerable version of OpenSSL, we applied the patch immediately and re-keyed an SSL certificate upon the news of the vulnerability coming out, and confirmed that the sites hosted there do not store exploitable or sensitive data. We believe that by being proactive in keeping our clients' web solutions secure and by maintaining transparent communications with our clients, we provide peace-of-mind and prevent potential headaches for all involved.

While our core business is providing expertise in user experience, engaging campaigns and web properties, we aim to provide our clients value from our proactive approach to managing secure and stable online solutions. If you have any questions, or are interested in talking about how we can help manage your web presence, please get in touch.

For more information and relevant news:

By Richard Hammond
Partner & Lead Developer
April 9th, 2014
Disclaimer: Our team members contribute to this blog in their own voices. As such, opinions expressed in this post are not necessarily shared by Upanup. If you are curious or concerned, please contact us.