Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.
Domain summit 2024

Heartbleed Vulnerability Of Registrars

vivid

Level 2
Legacy Platinum Member
Joined
Jan 26, 2010
Messages
35
Reaction score
4
Feedback: 0 / 0 / 0
With heartbleed SSL bug being discussed everywhere, I’ve decided to check some popular domain registrars to find out which of them are still insecure in this aspect before logging in or changing password, and decided it’s worth to share the results here. The check was done today, on April 10, with this online tool. Here it goes.

Removed results achieved with Lastpass tool as not reliable

------------------------------------
Update:


The list of official announcements by the registrars.

Enom
eNom makes every effort to keep our systems patched to limit the impact of security vulnerabilities. Updates have been made to our systems to ensure that we remain unaffected by this vulnerability. If you are running your own systems with OpenSSL versions 1.0.1 through 1.0.1f, your system is vulnerable and we suggest upgrading to a more recent version.
Read further

Dynadot
We have already made necessary adjustments to combat the Heartbleed issue. Our website is safe and we will continue to monitor it. We recommend changing your Dynadot account password as a precaution.
Read further
It’s worth to note that customers were also notified via email.

GoDaddy
We’ve been updating GoDaddy services that use the affected OpenSSL version. … For additional security, we recommend that you rekey your SSL certificate.
Read further

Name.com
The Name.com website was not vulnerable to the bug and Name.com has been rolling out the latest security patches on all systems to ensure that we remain unaffected. But this is a pretty serious bug, and if you’ve been using an SSL Certificate with Name.com (or any online company), we strongly recommend that you follow these two steps to update and secure your SSL: …
Read further

Namecheap
Unmanaged/self-managed customers who have a VPS or a Dedicated Server with Namecheap will need to do the following to secure their server. We recommend you perform these steps immediately.
Read further

1&1
We discovered a critical weakness in the SSL Library "openSSL". A third party would be able to access confidential data. However, this only applies to the storage of Apps which use this Library. The following versions are affected by this: OpenSSL 1.0.1 to 1.0.1.f. If you are using one of these versions we recommend that you run an update as soon as possible. … When first discovering this issue we immediately checked our internal systems. Our services, such as the 1&1 Control Center, can´t be attacked through this security hole.
Read further

Network Solutions
Where appropriate, these services and systems have been patched. Because of the impossibility of determining whether this exploit has been undertaken on our systems, we are recommending the following activity by you as soon as possible: 1. You should immediately change any and all passwords that you use to access our systems. 2. If you are a user of our Virtual Private Server product (VPS Hosting) and have installed a version of OpenSSL on your server that differs from the one we provide, you should immediately check its version number and replace it, if it is one of the affected versions (1.0.1a-f).
Read further
 
Last edited:
Domain summit 2024

vivid

Level 2
Legacy Platinum Member
Joined
Jan 26, 2010
Messages
35
Reaction score
4
Feedback: 0 / 0 / 0
Dynadot is joining Name.com as one of the first registrars applying the fix. Thanks for the quick issue resolution!
 

mvl

Level 8
Legacy Exclusive Member
Joined
Sep 24, 2006
Messages
1,327
Reaction score
34
Feedback: 37 / 0 / 0
There is another test on this site.

moniker.com - reported as probably safe
fabulous.com - reported as safe
namesilo.com - reported as safe
directi.com - reported as safe
dotster.com - reported as safe
 

vivid

Level 2
Legacy Platinum Member
Joined
Jan 26, 2010
Messages
35
Reaction score
4
Feedback: 0 / 0 / 0
mvl – Thanks, looks like the tool provided by Lastpass that I was using for this test is quite questionable. They seem to perform radical changes on the fly – I see some sites that were reported as _definitely_ vulnerable just yesterday are displayed as “Was vulnerable: No” today, e.g. Evernote.

Also, while Lastpass tool states that DoDaddy uses Microsoft-IIS/7.0 as server software and was not vulnerable at all, the blog post at GoDaddy confirms that they were patching their servers with the fix for this vulnerability – looks like GoDaddy speaks about the custom SSL certificates provided in scope of their hosting service, but this still should be taken in account.

So, I’m taking down all the lists above to avoid the unintended confusion. Please do your own research – besides online checking (probably better with multiple tools), search for the official announcements of the corresponding registrar and contact customer support if still uncertain.
 

vivid

Level 2
Legacy Platinum Member
Joined
Jan 26, 2010
Messages
35
Reaction score
4
Feedback: 0 / 0 / 0
I've replaced the initial test results with the official announcements of the registrars when was able to find them. Note that some instructions apply to hosting settings only, while others deal with the service account access; so read the details for clarifications.
 

hemantwps

Level 1
Legacy Gold Member
Joined
Feb 2, 2016
Messages
21
Reaction score
1
Feedback: 0 / 0 / 0
The safe ones – at least as far as Heartbleed is concerned – are those that don’t use OpenSSL; primarily running Windows Server software.

Even if they are safe or if they recently patched the OpenSSL software, due to the complexity of this security bug, registrars are advised to have SSL certificates re-issued for themselves, immediately.
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Sedo - it.com Premiums

IT.com

Premium Members

AucDom
UKBackorder
Be a Squirrel
MariaBuy

New Threads

Our Mods' Businesses

UrlPick.com
Free QR Code Generator by MerchArts

*the exceptional businesses of our esteemed moderators

Top Bottom