The Heartbleed OpenSSL Exploit

A very serious vulnerability in open source software called OpenSSL was recently discovered which allows malicious users to pull sensitive information from web servers.  The good news for WebECS customers is that we host your sites on Microsoft IIS which is not vulnerable to this exploit.  Microsoft’s IIS web server does not use the OpenSSL library for encrypting traffic so you can rest easy.  If you would like additional verification that your site is not vulnerable to this exploit you can run a test using this tool:  http://filippo.io/Heartbleed/
 
Please note that the above statement applies to shared hosting clients as well as managed clients with virtual dedicated servers.  If you manage your own virtual dedicated server with us and you chose to run an alternate web server such as Apache your site(s) may be susceptible to this exploit depending on your configuration.  For a more in depth technical analysis of this exploit including the specific versions of OpenSSL affected please refer to this URL for additional information:  www.heartbleed.com

Update:  Microsoft posted an article last night with further confirmation that their web server is not affected by this bug:  IIS & Heartbleed