This is a collection of 10 articles from mainly domain name related blogs and publications covering the effect of the Heartbleed bug on registrars, registries, ICANN, and pretty much all the websites we use everyday.
DomainGang.com: Heartbleed bug: Which Domain Registrars are safe?
“Even if they are safe or if they recently patched the OpenSSL software, due to the
complexity of this security bug, registrars are advised to have SSL certificates re-issued for themselves, immediately.”
HybridDomainer.com: All the passwords you should change because of Heartbleed
“Major sites ranging from Facebook and Google to Pinterest and Flickr were affected. Luckily, many financial institutions were not.”
name.com: Some Heartbleed Bug advice for Name.com customers (and pretty much everyone with SSL)
“The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected.”
Tucows and opensrs.com: OpenSRS and Heartbleed
“Heartbleed is believed to affect more than two thirds of all Internet services and many of OpenSRS’s systems rely on OpenSSL to protect customer data. At this point, we have no evidence that this attack was used against OpenSRS but we have been doing our due diligence to ensure the integrity of our services and systems.”
Tucows and opensrs.com: Heartbleed and SSL Certificates
“We have spoken to our technical support teams from all of our SSL vendors in regards to this issue and if your server runs the version of OpenSSL that is being affected by this bug (OpenSSL 1.0.1 through 1.0.1f), there are potential vulnerabilities.”
dynadot.com: What You Need to Know (& Do) About the Heartbleed OpenSSL Security Bug
“Yes, we recommend changing your Dynadot account password as a precaution. See our help file on how to change your password.”
Nominet: Security update – ‘Heartbleed Bug’
“Nominet has seen no indication, in any of our systems, that this vulnerability has been exploited; however this acts as a timely reminder to ensure that we all look after and regularly change our usernames and passwords. If you use the same details across more than one website or service, now may be a good time for a regular refresh of these.”
ICANN Blog: The Heartbleed Bug: Are you at risk?
“ICANN is aware of the Heartbleed Bug. While the vulnerability does not affect the DNS, ICANN’s Security Team is urging top level domain registries, registrars (and their resellers) who provide e-merchant services for domain registration and other online services who use OpenSSL to upgrade to OpenSSL 1.0.1g, a version of OpenSSL that mitigates the threat from the Heartbleed Bug.”
circleid.com: Heartbleed: Don’t Panic
“There’s been a lot of ink and pixels spilled of late over the Heartbleed bug. Yes, it’s serious. Yes, it potentially affects almost everyone. Yes, there are some precautions you should take. But there’s good news, too: for many people, it’s a non-event.”
DomainTools.com: Password Update Required to Address OpenSSL Heartbleed bug
“Now that new SSL certificates are installed on all of our services, all DomainTools users will be logged out and forced to change their passwords to ensure there is no lingering exposure to Heartbleed. This needs to be done to ensure the security of our users’ accounts and login credentials.”
Nice collection, I already knew a few.