With heartbleed SSL bug being discussed everywhere, I’ve decided to check some popular domain registrars to find out which of them are still insecure in this aspect before logging in or changing password, and decided it’s worth to share the results here. The check was done today, on April 10, with this online tool. Here it goes.
Removed results achieved with Lastpass tool as not reliable
------------------------------------
Update:
The list of official announcements by the registrars.
Enom
eNom makes every effort to keep our systems patched to limit the impact of security vulnerabilities. Updates have been made to our systems to ensure that we remain unaffected by this vulnerability. If you are running your own systems with OpenSSL versions 1.0.1 through 1.0.1f, your system is vulnerable and we suggest upgrading to a more recent version.
Read further
Dynadot
We have already made necessary adjustments to combat the Heartbleed issue. Our website is safe and we will continue to monitor it. We recommend changing your Dynadot account password as a precaution.
Read further
It’s worth to note that customers were also notified via email.
GoDaddy
We’ve been updating GoDaddy services that use the affected OpenSSL version. … For additional security, we recommend that you rekey your SSL certificate.
Read further
Name.com
The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected. But this is a pretty serious bug, and if you’ve been using an SSL Certificate with Name.com (or any online company), we strongly recommend that you follow these two steps to update and secure your SSL: …
Read further
Namecheap
Unmanaged/self-managed customers who have a VPS or a Dedicated Server with Namecheap will need to do the following to secure their server. We recommend you perform these steps immediately.
Read further
1&1
We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library. The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. … When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.
Read further
Network Solutions
Where appropriate, these services and systems have been patched. Because of the impossibility of determining whether this exploit has been undertaken on our systems, we are recommending the following activity by you as soon as possible: 1. You should immediately change any and all passwords that you use to access our systems. 2. If you are a user of our Virtual Private Server product (VPS Hosting) and have installed a version of OpenSSL on your server that differs from the one we provide, you should immediately check its version number and replace it, if it is one of the affected versions (1.0.1a-f).
Read further
Removed results achieved with Lastpass tool as not reliable
------------------------------------
Update:
The list of official announcements by the registrars.
Enom
eNom makes every effort to keep our systems patched to limit the impact of security vulnerabilities. Updates have been made to our systems to ensure that we remain unaffected by this vulnerability. If you are running your own systems with OpenSSL versions 1.0.1 through 1.0.1f, your system is vulnerable and we suggest upgrading to a more recent version.
Read further
Dynadot
We have already made necessary adjustments to combat the Heartbleed issue. Our website is safe and we will continue to monitor it. We recommend changing your Dynadot account password as a precaution.
Read further
It’s worth to note that customers were also notified via email.
GoDaddy
We’ve been updating GoDaddy services that use the affected OpenSSL version. … For additional security, we recommend that you rekey your SSL certificate.
Read further
Name.com
The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected. But this is a pretty serious bug, and if you’ve been using an SSL Certificate with Name.com (or any online company), we strongly recommend that you follow these two steps to update and secure your SSL: …
Read further
Namecheap
Unmanaged/self-managed customers who have a VPS or a Dedicated Server with Namecheap will need to do the following to secure their server. We recommend you perform these steps immediately.
Read further
1&1
We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library. The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. … When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.
Read further
Network Solutions
Where appropriate, these services and systems have been patched. Because of the impossibility of determining whether this exploit has been undertaken on our systems, we are recommending the following activity by you as soon as possible: 1. You should immediately change any and all passwords that you use to access our systems. 2. If you are a user of our Virtual Private Server product (VPS Hosting) and have installed a version of OpenSSL on your server that differs from the one we provide, you should immediately check its version number and replace it, if it is one of the affected versions (1.0.1a-f).
Read further
Last edited:
