April 9, 2014
by Gary Fuller

The Bleeding Heart of OpenSSL

Users of the 1.0.1 and 1.0.2-beta releases of OpenSSL (including 1.0.1f and 1.0.2-beta1) may need to run a quick upgrade to OpenSSL 1.0.1g, thanks to a bug which may affect upwards of 500,000 servers on the net. The Heartbleed bug allows hackers to read up to 64k of memory on a server, meaning they could grab usernames and passwords, and nothing in the server's logs will show that it has happened.
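The reason the bug leaves no trace in normal logs is that the heartbeat request looks like any other TLS record; what gives it away on the wire is a heartbeat whose declared payload length is larger than the record that carries it, which is the bounds check OpenSSL failed to make before 1.0.1g. The following is an added example, not code from the original post or from the OpenSSL project: a small Python checker that parses a TLS record, pulls out the heartbeat header, and flags any request or response whose declared payload (plus the 16 bytes of padding RFC 6520 requires) cannot fit in the bytes actually received. The sample records at the bottom are constructed for the example, and the record version 0x0302 (TLS 1.1) is an arbitrary choice.

```python
import struct

TLS_HEARTBEAT = 24            # TLS record content type for heartbeat messages (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16              # RFC 6520: every heartbeat carries at least 16 bytes of padding


def parse_tls_record(data: bytes):
    """Split one TLS record into (content_type, version, body).

    Raises ValueError if the 5-byte header or the body is truncated.
    """
    if len(data) < 5:
        raise ValueError("record header truncated")
    content_type, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body truncated")
    return content_type, version, body


def check_heartbeat(record: bytes) -> dict:
    """Classify one TLS record.

    Returns a dict whose 'verdict' is 'not-heartbeat', 'ok', or 'malformed'.
    'malformed' means the declared payload length cannot fit in the record,
    which is the condition an unpatched OpenSSL would have answered by
    copying that many bytes out of its own memory.
    """
    content_type, _version, body = parse_tls_record(record)
    if content_type != TLS_HEARTBEAT:
        return {"verdict": "not-heartbeat"}
    if len(body) < 3:
        return {"verdict": "malformed", "reason": "heartbeat header truncated"}
    hb_type, payload_length = struct.unpack("!BH", body[:3])
    # The check that 1.0.1g added: type (1) + length (2) + payload + padding
    # must all lie inside the record that was actually received.
    if 1 + 2 + payload_length + MIN_PADDING > len(body):
        return {
            "verdict": "malformed",
            "hb_type": hb_type,
            "declared": payload_length,
            "available": max(0, len(body) - 3 - MIN_PADDING),
        }
    return {"verdict": "ok", "hb_type": hb_type, "declared": payload_length}


def flag_records(records) -> list:
    """Return the indices of records that check_heartbeat reports as malformed."""
    flagged = []
    for i, rec in enumerate(records):
        try:
            if check_heartbeat(rec)["verdict"] == "malformed":
                flagged.append(i)
        except ValueError:
            flagged.append(i)   # truncated records are worth a look too
    return flagged


# Constructed sample records for the example (not captured traffic).
def build_heartbeat(hb_type: int, payload: bytes, declared_length=None) -> bytes:
    declared = len(payload) if declared_length is None else declared_length
    body = struct.pack("!BH", hb_type, declared) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0302, len(body)) + body


BENIGN = build_heartbeat(HB_REQUEST, b"hello")                        # declared 5, 5 present
MALFORMED = build_heartbeat(HB_REQUEST, b"hello", declared_length=0x4000)  # declared 16384, 5 present
HANDSHAKE = struct.pack("!BHH", 22, 0x0302, 4) + b"\x01\x00\x00\x00"  # not a heartbeat at all

if __name__ == "__main__":
    for name, rec in (("benign", BENIGN), ("malformed", MALFORMED), ("handshake", HANDSHAKE)):
        print(name, check_heartbeat(rec))
    print("flagged:", flag_records([BENIGN, MALFORMED, HANDSHAKE]))
```

Run on a packet capture, a check like this is a detection control rather than a fix: it tells you a malformed heartbeat arrived, which the server itself would never have logged, but only upgrading to 1.0.1g or building without heartbeats stops the server answering it.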

The Prater Raines servers aren’t affected by this issue, but for those that are, this is a massive security hole. A short-term fix, where upgrading isn’t an option, is to recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS. We were made aware of the issue by fellow coders based in Scotland. The bug hasn’t really made the headlines at the time of writing, but it is potentially massive.

Luckily, there is already a site that you can use to check whether your server is at risk, at http://filippo.io/Heartbleed/. Needless to say, we got the “All good” message for our website servers. You can also find out more about the bug on the BBC News website as well as on the OpenSSL website. Users of Minecraft will be relieved to know that Amazon have upgraded their servers with the fix, although changing all of your passwords may be a good call.