Forums
New posts
New posts
Search forums
Market
Domains/Websites Wanted
.com Domain Market
gTLD Domain Market
ccTLD Domain Market
Web3 Domain Market
Third-Level Domain Market
Adult Domain Market
What's New
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Account Upgrade
Premium Members Directory
Log in
Register
What's New
calendar
Search
Search
Search titles only
By:
New posts
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
Forums
Domain Discussion
Domain Industry Companies
Heartbleed Vulnerability Of Registrars
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="vivid" data-source="post: 2199212" data-attributes="member: 135822"><p>With <a href="http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/" target="_blank">heartbleed SSL bug</a> being discussed everywhere, I’ve decided to check some popular domain registrars to find out which of them are still insecure in this aspect before logging in or changing password, and decided it’s worth to share the results here. The check was done today, on April 10, with this <a href="https://lastpass.com/heartbleed/" target="_blank">online tool</a>. Here it goes.</p><p></p><p><span style="color: #b30000">Removed results achieved with Lastpass tool as not reliable</span></p><p></p><p><span style="color: #b30000">------------------------------------</span></p><p><span style="color: #b30000">Update:</span></p><p></p><p>The list of official announcements by the registrars.</p><p></p><p><strong>Enom</strong></p><p><em>eNom makes every effort to keep our systems patched to limit the impact of security vulnerabilities. Updates have been made to our systems to ensure that we remain unaffected by this vulnerability. If you are running your own systems with OpenSSL versions 1.0.1 through 1.0.1f, your system is vulnerable and we suggest upgrading to a more recent version.</em></p><p><a href="http://www.enom.com/news/683/heartbleed-bug-update.html" target="_blank">Read further</a></p><p></p><p><strong>Dynadot</strong></p><p><em>We have already made necessary adjustments to combat the Heartbleed issue. Our website is safe and we will continue to monitor it. We recommend changing your Dynadot account password as a precaution.</em></p><p><a href="http://www.dynadot.com/community/blog/2014/04/heartbleed-openssl-security-bug.html" target="_blank">Read further</a></p><p>It’s worth to note that customers were also notified via email.</p><p></p><p><strong>GoDaddy</strong></p><p><em>We’ve been updating GoDaddy services that use the affected OpenSSL version. … For additional security, we recommend that you rekey your SSL certificate.</em></p><p><a href="http://godaddyblog.com/open-ssl-heartbleed-weve-patched-servers/" target="_blank">Read further</a></p><p></p><p><strong>Name.com</strong></p><p><em>The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected. But this is a pretty serious bug, and if you’ve been using an SSL Certificate with Name.com (or any online company), we strongly recommend that you follow these two steps to update and secure your SSL: …</em></p><p><a href="http://www.name.com/blog/general/tips/2014/04/some-heartbleed-bug-advice-for-name-com-customers-and-pretty-much-everyone-with-ssl/" target="_blank">Read further</a></p><p></p><p><strong>Namecheap</strong></p><p><em>Unmanaged/self-managed customers who have a VPS or a Dedicated Server with Namecheap will need to do the following to secure their server. We recommend you perform these steps immediately.</em></p><p><a href="http://community.namecheap.com/blog/2014/04/08/critical-openssl-security-exploit/" target="_blank">Read further</a></p><p></p><p><strong>1&1</strong></p><p><em>We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library. The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. … When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.</em></p><p><a href="http://status.1and1.com/" target="_blank">Read further</a></p><p></p><p><strong>Network Solutions</strong></p><p><em>Where appropriate, these services and systems have been patched. Because of the impossibility of determining whether this exploit has been undertaken on our systems, we are recommending the following activity by you as soon as possible: 1. You should immediately change any and all passwords that you use to access our systems. 2. If you are a user of our Virtual Private Server product (VPS Hosting) and have installed a version of OpenSSL on your server that differs from the one we provide, you should immediately check its version number and replace it, if it is one of the affected versions (1.0.1a-f).</em></p><p><a href="https://www.networksolutions.com/blog/2014/04/notice-to-web-com-network-solutions-and-register-com-customers-about-the-heartbleed-vulnerability/" target="_blank">Read further</a></p></blockquote><p></p>
[QUOTE="vivid, post: 2199212, member: 135822"] With [URL='http://www.cnet.com/news/how-to-protect-yourself-from-the-heartbleed-bug/']heartbleed SSL bug[/URL] being discussed everywhere, I’ve decided to check some popular domain registrars to find out which of them are still insecure in this aspect before logging in or changing password, and decided it’s worth to share the results here. The check was done today, on April 10, with this [URL='https://lastpass.com/heartbleed/']online tool[/URL]. Here it goes. [COLOR=#b30000]Removed results achieved with Lastpass tool as not reliable[/COLOR] [COLOR=#b30000]------------------------------------ Update:[/COLOR] The list of official announcements by the registrars. [B]Enom[/B] [I]eNom makes every effort to keep our systems patched to limit the impact of security vulnerabilities. Updates have been made to our systems to ensure that we remain unaffected by this vulnerability. If you are running your own systems with OpenSSL versions 1.0.1 through 1.0.1f, your system is vulnerable and we suggest upgrading to a more recent version.[/I] [URL='http://www.enom.com/news/683/heartbleed-bug-update.html']Read further[/URL] [B]Dynadot[/B] [I]We have already made necessary adjustments to combat the Heartbleed issue. Our website is safe and we will continue to monitor it. We recommend changing your Dynadot account password as a precaution.[/I] [URL='http://www.dynadot.com/community/blog/2014/04/heartbleed-openssl-security-bug.html']Read further[/URL] It’s worth to note that customers were also notified via email. [B]GoDaddy[/B] [I]We’ve been updating GoDaddy services that use the affected OpenSSL version. … For additional security, we recommend that you rekey your SSL certificate.[/I] [URL='http://godaddyblog.com/open-ssl-heartbleed-weve-patched-servers/']Read further[/URL] [B]Name.com[/B] [I]The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected. But this is a pretty serious bug, and if you’ve been using an SSL Certificate with Name.com (or any online company), we strongly recommend that you follow these two steps to update and secure your SSL: …[/I] [URL='http://www.name.com/blog/general/tips/2014/04/some-heartbleed-bug-advice-for-name-com-customers-and-pretty-much-everyone-with-ssl/']Read further[/URL] [B]Namecheap[/B] [I]Unmanaged/self-managed customers who have a VPS or a Dedicated Server with Namecheap will need to do the following to secure their server. We recommend you perform these steps immediately.[/I] [URL='http://community.namecheap.com/blog/2014/04/08/critical-openssl-security-exploit/']Read further[/URL] [B]1&1[/B] [I]We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library. The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. … When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.[/I] [URL='http://status.1and1.com/']Read further[/URL] [B]Network Solutions[/B] [I]Where appropriate, these services and systems have been patched. Because of the impossibility of determining whether this exploit has been undertaken on our systems, we are recommending the following activity by you as soon as possible: 1. You should immediately change any and all passwords that you use to access our systems. 2. If you are a user of our Virtual Private Server product (VPS Hosting) and have installed a version of OpenSSL on your server that differs from the one we provide, you should immediately check its version number and replace it, if it is one of the affected versions (1.0.1a-f).[/I] [URL='https://www.networksolutions.com/blog/2014/04/notice-to-web-com-network-solutions-and-register-com-customers-about-the-heartbleed-vulnerability/']Read further[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Domain Discussion
Domain Industry Companies
Heartbleed Vulnerability Of Registrars
Top
Bottom