Security Statement on OpenSSL “Heartbleed Bug”

heartbleedEarlier this week a vulnerability with the OpenSSL cryptographic software library was publicly disclosed. This vulnerability is officially being referred to as “CVE-2014-0160” and being widely referred to in the media as the “Heartbleed Bug”.

OpenSSL is very widely installed including on many servers here at Rochen. An article in The New York Times estimates that OpenSSL is in use by over two-thirds of websites including by many popular sites such as Facebook and Google.

Rochen’s Systems Engineering Group first became aware of the “Heartbleed Bug” early on Tuesday, April 8th and immediately began patching any vulnerable OpenSSL installs. Many customers contacted our support team to find their systems had already been proactively patched.

Here at Rochen we take security extremely seriously. Patching of Rochen’s hosting infrastructure to protect against the “Heartbleed Bug” was completed as of April 8, 2014. This includes Shared Hosting servers, Managed Virtual Servers (MVS), Managed Dedicated Servers (MDS) and Managed Cloud Servers (MCS) in both our US and UK facilities.

Rochen recommends our customers follow good security practices including using strong passwords and changing them regularly.

If there is anything further we can assist with our support team is available 24/7 and can be contacted by opening a ticket through the My Rochen customer portal.

Thank you for your continued business.

Chris Adams
Founder & CEO

Ben Johnson RHCSA, RHCE
CTO