With the Heartbleed bug affecting millions of web sites utilizing the OpenSSL certificate, one has to worry about the domain registrars using this type of software.
Your domains are as safe as your registrars.
The safe ones – at least as far as Heartbleed is concerned – are those that don’t use OpenSSL; primarily running Windows Server software.
Even if they are safe or if they recently patched the OpenSSL software, due to the complexity of this security bug, registrars are advised to have SSL certificates re-issued for themselves, immediately.
A DNForum member conducted a test, using an online tool designed for the Heartbleed vulnerability. Here are the results:
Enom
eNom makes every effort to keep our systems patched to limit the impact of security vulnerabilities. Updates have been made to our systems to ensure that we remain unaffected by this vulnerability. If you are running your own systems with OpenSSL versions 1.0.1 through 1.0.1f, your system is vulnerable and we suggest upgrading to a more recent version.
Read furtherDynadot
We have already made necessary adjustments to combat the Heartbleed issue. Our website is safe and we will continue to monitor it. We recommend changing your Dynadot account password as a precaution.
Read further
It’s worth to note that customers were also notified via email.GoDaddy
We’ve been updating GoDaddy services that use the affected OpenSSL version. … For additional security, we recommend that you rekey your SSL certificate.
Read furtherName.com
The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected. But this is a pretty serious bug, and if you’ve been using an SSL Certificate with Name.com (or any online company), we strongly recommend that you follow these two steps to update and secure your SSL: …
Read furtherNamecheap
Unmanaged/self-managed customers who have a VPS or a Dedicated Server with Namecheap will need to do the following to secure their server. We recommend you perform these steps immediately.
Read further1&1
We discovered a critical weakness in the SSL Library “openSSL”. A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library. The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. … When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.
Read furtherNetwork Solutions
Where appropriate, these services and systems have been patched. Because of the impossibility of determining whether this exploit has been undertaken on our systems, we are recommending the following activity by you as soon as possible: 1. You should immediately change any and all passwords that you use to access our systems. 2. If you are a user of our Virtual Private Server product (VPS Hosting) and have installed a version of OpenSSL on your server that differs from the one we provide, you should immediately check its version number and replace it, if it is one of the affected versions (1.0.1a-f).
Read further
For info about the Heartbleed bug, click here.
This post is 100% true!
*
Thanks.
Good info.
*
Recommending windows based registrars because they are safer… and I think I had heard it all before 😉
Above.com does not used the affected version of OpenSSL that is vulnerable to the Heartbleed bug. If you are keeping a running list of safe registrars, would you please add Above.com to the Safe List?
The list has been updated to reflect changes in the original DNForum post it is referencing.
Also, Moniker contacted us with the statement: “Moniker.com is not running a vulnerable version of OpenSSL.” and We were never running a version vulnerable to the bug.”
NameSilo just posted to their Facebook page that they have installed their re-issued SSL certificate and that they patched their previous OpenSSL install within an hour of Heatbleed being made public.