The recently exposed vulnerability with some versions of OpenSSL (known as “Heartbleed”) was obviously making the headlines this time last month, so we wanted to take this opportunity to advise all of our customers that none of OXLink’s web servers are (or have ever been) affected by this security bug.
What this means to you
If your website is hosted by OXLink, you can rest assured that its hosting environment has never been vulnerable to any Heartbleed security exploits at any time.
Services provided / hosted by third parties
If you’re hosting your website elsewhere (even if it was originally designed and built by OXLink) or you’re using any third-party hosted services through your website (e.g. booking engines, Payment Service Providers*, etc.), you will need to ensure (if you haven’t already) that the providers of these services have checked their own hosting environments for any presence of the Heartbleed vulnerability and have addressed any discoveries accordingly.
About Payment Service Providers (PSPs)
Those customers using third-party PSPs for ecommerce activities on their websites should note that Sage Pay, PayPal and WorldPay all report that they were unaffected by the Heartbleed bug.
Customers should also note, however, that although we provide this information in good faith and warrant it to be accurate at the time of writing, we cannot be held responsible for any change of circumstances or advice relating to any service we do not supply.
If you remain concerned and have not already been contacted by your PSP in respect of Heartbleed (or your PSP is not one of those we’ve listed), we would strongly advise that you speak to them directly.
Activities outside of your website
Whether or not your website and its visitors are safe from Heartbleed doesn’t, of course, have any bearing on your own internet activities (or the mobile devices you might be using to facilitate them*). If you haven’t already, you will still need to follow the advice given by providers of any online services you might use as a business (or individual).
How to find out who was affected
Some service providers have been upfront about whether or not they’ve fallen victim to the bug. We know, for example, that the popular cloud storage facility, Dropbox, patched their servers against Heartbleed (users having to change their passwords as a result) but you might find it necessary to do a certain amount of “digging” for information on other services.
LastPass offers a useful diagnostic tool for identifying affected websites and it’s always worth checking on the situation with the site owner themselves too, of course.
In addition, if you’re an Android user, you’ll also want to have a look at this post from Google’s Online Security Blog to find out if your mobile device is vulnerable.
More about Heartbleed
If you’d like to learn more about Heartbleed (and why it caused such a commotion), there’s a good explanation of the vulnerability on Mashable’s website here, along with the official Heartbleed Bug website set up by Codenomicon (who first discovered the bug).