Are you a Human Rights or Media organisation and running a website? This could be important information for you! You might have heard in the media that security researchers have found a huge security vulnerability in the Internet that has been named Heartbleed. In short, Heartbleed is a critical flaw in OpenSSL, a software which is used to secure hundreds of thousands of websites, including major sites like Instagram, Yahoo, and Google. This security exploit can give attackers access to sensitive information like logins and passwords, as well as session cookies and possibly SSL keys that encrypt all traffic to a site.

The solution is not difficult to implement, but it is important that it is done as soon as possible! Below you find the steps that are recommended by VirtualRoad.org on how you can patch your broken OpenSSL library:

Step 1: CHECK IF YOUR WEBSITE IS RUNNING THE VULNERABLE VERSION OF OPEN SSL

You can do this here:

https://www.ssllabs.com/ssltest/

http://filippo.io/Heartbleed/

Step 2: UPGRADE YOUR SSL LIBRARIES IN YOUR HOSTING PROVIDER

Upgrading the website to the patched version of the library will require you to inform your hosting provider or web administrator immediately and ask them to upgrade the software (SSL library). They will need to reboot the server for the changes to take effect. Redo step 1 to see if the problem is solved.

Step 3: CHANGE PASSWORDS

Please note that an attacker could have been able to retrieve your passwords. In all cases it is advisable to change all passwords to the website, but especially if you have logged into you website in the last week.

Step 4: RE-KEY YOUR SSL CERTIFICATE

If you run your website under HTTPS where confidentiality is key for your work, we strongly advice you to Re-key your SSL certificate immediately. The process of re-keying a certificate needs to be done with the same Certification Authority that you purchased your SSL certificate to. Renewing the existing certificate will not fix the problem, you need to create a new certificate and revoke the current one.

For more information on Heartbleed please look here

The Digital Defenders Partnership would like to thank VirtualRoad.org for their timely assistance in detecting Heartbleed among our partners and providing clear instructions on how to deal with the problem.