Google: Compute Engine customers should create new SSL keys over Heartbleed

Summary:Google Compute Engine customers need to create new keys in services that use OpenSSL. Meanwhile, Google Search Appliance customers are still waiting for a patch.

Google said that customers using its Google Compute Engine cloud services need to create new keys for services affected by the Heartbleed virus, which has wreaked havoc on password systems around the Web.

01-heartbleed

Heartbleed is a virus that exploits OpenSSL, which is designed to secure Web traffic through encryption. OpenSSL 1.01 and 1.02 beta are affected. These systems are used on web servers, email servers, virtual private network (VPN) systems, and some client applications.

The attack, brewing for years, has shed light on open source security. Heartbleed's big scare is that it can expose passwords, emails, and financial information.

TechRepublic: The Heartbleed vulnerability: how does it apply to you?

Google raced last week to patch a bevy of services potentially hit by Heartbleed. On April 9, Google's list went like this: Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine, Earth, Analytics, and Tag Manager.

Business services such as Cloud SQL were also patched. Initially, Google gave a workaround for its Compute Engine and still appears to be struggling to patch its Google Search Appliance.

Google updated a blog post with the following:

In light of new research on extracting keys using the Heartbleed bug, we are recommending that Google Compute Engine (GCE) customers create new keys for any affected SSL services. Google Search Appliance (GSA) customers should also consider creating new keys after patching their GSA. Engineers are working on a patch for the GSA, and the Google Enterprise Support Portal will be updated with the patch as soon as it is available.

Creating new keys for Google Compute Engine may be a bit of a pain, but it's necessary. Google Search Appliance customers may be scratching their heads over the time it has taken for the company to deliver a patch.

Topics: Security, Cloud

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.