Heartbleed poses a serious security threat to websites using OpenSSL. Can it be fixed?
First, we must understand that the Heartbleed bug does not affect all versions of OpenSSL. Only versions 1.0.1 through 1.0.1f with the heartbeat extension are affected.
Next, as almost 66% of websites are affected, it is best to change your passwords. And if you are like me and rarely change your password, now is the right time to choose a new password and update your website logins. I already did.
If you are hosting a website and use OpenSSL, Namecheap has a handy guide you can use:
SSL Certificate customers
First of all, if you are not using OpenSSL on your servers (or are not hosted on one of our Shared hosting plans), you are not affected.
If you do use OpenSSL, we strongly advise the following:
1. Identify which servers are running OpenSSL (versions 1.0.1 through 1.0.1f are affected).
2. Update to the latest patched version of the software (1.0.1g), or recompile OpenSSL without the heartbeat extension, if applicable.
3. Reissue any SSL certificates on affected web servers after moving to a patched version of OpenSSL.
4. Test your SSL installations.
5. Revoke any certificates that were replaced. Please revoke AFTER the reissue has been completed and you have successfully installed it on your web server.
6. Consider resetting end-user passwords that may have been visible in a compromised server memory.
7. Always refer back to this KB Article for more information.
Do read the Namecheap articles for more details on SSL certificate revocation and reissue.
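
For step 1 of the guide, a version check can be scripted. The following is an added example, not part of the Namecheap guide or of this post: it classifies the output of `openssl version -a` against the 1.0.1 through 1.0.1f range quoted above. The function name, the result labels and the sample strings are assumptions made for the illustration.

```shell
#!/bin/sh
# classify_openssl TEXT  ->  affected | no-heartbeat | not-affected | unknown
# TEXT is the output of `openssl version -a` (only the first line is required).
classify_openssl() {
    co_text=$1
    co_first=$(printf '%s\n' "$co_text" | head -n 1)
    # Pre-release builds are outside the range the guide lists: check by hand.
    case $co_first in
        *-beta*) echo unknown; return ;;
    esac
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013" or "OpenSSL 1.0.1e-fips ..."
    co_ver=$(printf '%s\n' "$co_first" |
        sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    if [ -z "$co_ver" ]; then
        echo unknown; return
    fi
    case $co_ver in
        1.0.1|1.0.1[a-f])
            # Step 2's alternative: a build compiled without the heartbeat
            # extension shows this flag on the "compiler:" line.
            if printf '%s\n' "$co_text" | grep -q -- '-DOPENSSL_NO_HEARTBEATS'; then
                echo no-heartbeat
            else
                echo affected
            fi ;;
        *) echo not-affected ;;
    esac
}

# Constructed sample of a 1.0.1f build recompiled without heartbeats.
SAMPLE_NO_HB='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -DOPENSSL_THREADS -DOPENSSL_NO_HEARTBEATS -O2'

# Constructed sample version lines, one per server in a small inventory.
for co_line in 'OpenSSL 1.0.1e 11 Feb 2013' 'OpenSSL 1.0.1g 7 Apr 2014' \
               'OpenSSL 0.9.8y 5 Feb 2013' "$SAMPLE_NO_HB"; do
    printf '%-12s %s\n' "$(classify_openssl "$co_line")" \
        "$(printf '%s\n' "$co_line" | head -n 1)"
done

# On a real host: classify_openssl "$(openssl version -a)"
```

Distributions that backport the fix keep the upstream version string, so an `affected` result should be confirmed against the vendor's package version before reissuing certificates.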