Here’s how we’re responding to the OpenSSL vulnerability announced at http://heartbleed.com/
This is a very serious security vulnerability in software that is deployed on almost every up-to-date Linux server, including those at Bytemark. It allows a knowledgeable attacker to steal SSL keys or other sensitive data from your server, and should not go unpatched. Unfortunately, it is not clear at the moment whether there is any way to know if this has already happened, since the vulnerability has been around for 2 years.
Most of Bytemark’s servers are configured to automatically install new security updates, and to restart affected services. This will cause a brief outage of a few seconds across most of your internet-facing services and, as with any restart, carries a risk that the restart won’t work. We’re here if this happens to you.
Users of Symbiosis and most managed customers will be upgraded automatically over the next 24 hours.
Some managed customers have requested manual security updates, and will be upgraded manually.
You may want to contact your SSL certificate vendor and request a new certificate to completely cover yourself. If you need a new certificate, Bytemark can supply and install one for £69, but many vendors may reissue yours for free. We are waiting for a reaction from certificate vendors before advising here.
Thanks for your patience - we are expecting a slightly higher load on support over the next couple of days, but will get back to you as quickly as possible on this important internet-wide problem.