NitroHost Response to Heartbleed OpenSSL Vulnerability

  • Tuesday, 8th April, 2014
  • 22:00

You may or may not be aware of a widely publicised, and potentially extremely damaging, vulnerability that has been discovered in the OpenSSL library, which is used to provide various SSL services on approximately two-thirds of all servers worldwide. SSL (Secure Sockets Layer) is the protocol that provides encrypted transmission of data between client and server for e-commerce sites, banks, brokerages etc., as well as secure email, FTPS and literally any other site or service that is secured by an SSL certificate.

We have been working diligently to stay on top of this vulnerability since it was first disclosed. As a result:

- All NitroHost servers are now running a fully patched OpenSSL implementation as provided by the operating system vendor.

- As a precaution, all SSL certificates owned by NitroHost, or used in conjunction with the provision of services such as FTPS, secure SMTP / IMAP / POP3 access, SSH, cPanel access and so on, have been revoked, new private keys have been generated, and brand new SSL certificates have been installed.

- All server root passwords have been changed. This was not strictly necessary, as our IDS (Intrusion Detection System) applications notify us of any root logins, but we always prefer to err on the side of caution where security is concerned.

At this point we have successfully tested with various third-party tools to make 100% certain that the vulnerability does not exist on our servers or on the services provided on them.

Despite all of these precautions, we strongly urge all customers to change their account passwords at the earliest possible opportunity. This is as simple as logging in to your cPanel and clicking the "Change Password" icon under "Preferences". Again, it is better to be safe than sorry with such a widespread and critical vulnerability in the wild.

Customers who have their own website SSL certificates should seriously consider going through the certificate revocation and re-issuance process as a precautionary measure. We are ready and willing to assist with this process: please open a support ticket at https://www.nitrohost.com/supporttickets.php (you will need to be logged in to your customer account) and we will be happy to guide you through it.

More information about this vulnerability for the curious geeks: http://heartbleed.com/

Handy testing website: we recommend that you use this to check any sites that you send private information to or from, such as online banking services, e-commerce sites etc., before you use them: http://filippo.io/Heartbleed/

You can now follow us on Twitter @NitroHost (after a lengthy battle to get that handle from an impersonator!) and we will be posting service updates via that channel in future as well as in the Announcements area of our site.
