Unless you have been living under a rock for the past few days, you will have likely encountered news about the so-called “heartbleed” bug affecting SSL web sites. News from the Canada Revenue Agency that electronic services including online tax filing have been suspended while they deal with the impact of this bug may have you worried. The fact that organizations such as the Canada Revenue Agency have taken such action demonstrates how serious this particular problem is.
The heartbleed bug is a problem in the implementation of a particular feature in the recent versions of the OpenSSL library. This library is used by the software that serves a vast number of web sites to Internet users the world over. It is the OpenSSL library that implements the “s” part of “https” for a great many web servers.
It turns out, however, that not every version of OpenSSL is vulnerable. In fact, the version used on Lexicom’s servers predates the new feature that carries the bug. That means that web sites hosted on Lexicom’s servers are not vulnerable to this bug and our hosting customers need not take any actions to mitigate the risk. If you run your own servers, however, you should take a close look at the software versions your are using to determine if you need to take action. Most Linux distributions have issued patched versions of OpenSSL to correct the problem and other software distributors likey have as well.