You no doubt have heard of the bug found recently in OpenSSL. This is a security package run on Linux servers like those we run here at Ashdown. So did our servers put you at risk? The short answer is no. The majority of our web servers run a version of OpenSSL that predated the introduction of the bug itself, and therefore did not need fixing. That does not mean we were running old software though. These earlier versions of OpenSSL are fully “patched” to deal with all other discovered security risks, so are completely up-to-date from a security standpoint, and will remain so. Those of our servers that were running the new baseline version of OpenSSL that did contain the bug were automatically updated to eliminate the problem before news of the bug even hit the media. Even then, to exploit the bug the hacker would have to separately break into the server, and ours are locked down to prevent that happening.
So should you change your passwords? It is our opinion that rushing out and doing that is not required. But our advice is always to use good passwords; don’t use the same password all over the place; and change them frequently. A good password is one not easily guessed; contains more the 8 characters; include special characters like @! etc; has different case letters; and includes some numbers. Here’s an example: Butt3r&F0xgl0ve. The two apparent words are unrelated and the password contains all the other aspects mentioned.