You may have read in the media or online about the “Heartbleed” vulnerability in Internet encrypted communications. This is a very serious vulnerability.

We patched all our servers for this vulnerability immediately upon release of news about Heartbleed, last week. None of Simba Hosting’s servers were vulnerable after these patches had been applied.

It is theoretically possible that an attacker who had advance knowledge of “Heartbleed” could have used it to decrypt information from encrypted communications, before people patched their servers. (Note that if your website access is not encrypted, then this is moot – the effect of “Heartbleed” is to possibly allow decryption, if an attacker knew of the problem and attempted to use it before it was patched). Because of this, we have reset the SSL certificates for Simba Hosting’s website, and for your email access. If you wish to fall on the side of caution, then you may wish to reset your passwords in your control panel.

At this time, there is only very slight evidence of the “Heartbleed” problem being used to launch any real-world attacks; for example, an attacker gained access to data from the Canadian tax authority’s website in the window of a few hours after information about “Heartbleed” became public, before they patched their servers. It is unlikely that, given a vulnerability like this, an attacker would turn his attention to enterprises like small or medium hosting companies, when potentially much larger targets were open. However, it is better to make sure, than to rely on probabilities, which is why we have reset some of our certificates. The main take-away is: there’s no reason to worry about anything at this time!