Security update ‘Heartbleed Bug’

9th April 2014

You may have heard in the news today about the ‘Heartbleed Bug’. This is a vulnerability that has been discovered in the software that helps safeguard sensitive information that travels between your computer and important websites (such as banking or shopping sites).

Many companies, including Nominet, use this software to help build their secure systems, so this flaw is very widespread. We, amongst many, have reacted quickly and ‘patched’ our systems.

Nominet has seen no indication, in any of our systems, that this vulnerability has been exploited; however this acts as a timely reminder to ensure that we all look after and regularly change our usernames and passwords. If you use the same details across more than one website or service, now may be a good time for a regular refresh of these.

As with all potential security concerns, Nominet will continue to review and monitor the situation.

About the flaw

The security flaw has been discovered in the ‘OpenSSL’ software – a common tool that is used to generate the important keys that help encrypt data between computers that use the Secure Socket Layer protocol. You would normally see evidence of this happening as a green bar or padlock in your browser bar if you are eagle-eyed.

The flaw means that it is possible in certain circumstances for a hacker to view the data that you believe is being sent confidentially (such as usernames, passwords or banking details). It must be pointed out that the chance of this happening is extremely unlikely, however like all flaws, it is possible that this could be exploited in certain circumstances.