security

By now you've probably heard about the Heartbleed security vulnerability.

If you haven't, here are a few important facts to know:
 

1. This week, the Heartbleed bug was detected in recent versions of the most popular SSL/TLS encryption implementation (OpenSSL).  It affected the majority of websites and services on the internet (about 2/3), including our server as well.  
    
2. We took immediate steps to patch the potential vulnerability in our website & email hosting server and Schweb Design is no longer vulnerable. For more information check out http://heartbleed.com.
    
3. This is not a vulnerability with our server's SSL or your sites' SSL/TLS or Schweb Design.  Your site is & was not broken, nor are any digital certificates for your domain.
    
4. We have secured the server and fix this bug:
   1. We have fixed this vulnerability on our server and verified/tested.
   2. We've regenerated all server SSL keys, CSRs, and certificates including yours if you have an SSL certificate on your website (e.g. receive credit card payments).  As a side-effect, you might notice Outlook or your mail client temporarily complain about a new certificate (this should go away shortly after changes propagate).
   3. We've changed all server administrator passwords including all clients' hosting account passwords.  If you'd like your new cPanel hosting account password, just drop us a line and we'll let you know what it is!
       
5. This has affected all of us, including you.  We have no evidence of any malicious behavior, but we strongly encourage you to please follow our final steps you can take below. 

So you've secured the web & email server, now what do I need to do?