Are You Safe from the Heartbleed Bug?

Share this post

An Internet bug named Heartbleed, which may likely affect all web users, was recently discovered by security researchers and was disclosed this week. Many have called this possibly the most serious breach of Internet security ever. Unfortunately, the extreme technical nature of this problem has left many of us out of the loop. Only the Web service provider, or whoever manages the back-end service your provider uses, can satisfactorily resolve the problem for you. So, for many of us, Heartbleed is as frustrating as it is serious.

What is Heartbleed?

Heartbleed bug and security

Heartbleed is a vulnerability within the OpenSSL technology that is used by many websites and online services to encrypt and keep user data secure. OpenSSL is a free open-source tool designed to work in lots of services. Many ecommerce sites post their SSL certificate badge on every page as an assurance of absolute security. Email providers also employ OpenSSL for encryption purposes. The technology is estimated to be used in about two thirds of all public Internet servers.

This Web infection makes it possible for hackers to easily steal a service’s encryption keys, which then allows them to steal other information including all user passwords. A fix was created for it, but now all service providers need to adopt the fix before they can be secure from hackers. The severity of this situation can’t be overstated.


CommonPlaces, Inc. has updated our OpenSSL packages to the recommended version but this is only half of the fix. We strongly encourage you to rekey (renew) your SSL certificate if you use one, as it is the only way to be certain your site itself is secure. We will be correcting this with all of our customers who purchased their SSL certificate from CommonPlaces. For these customers, we will be in touch shortly to take care of this. While the vulnerability no longer exists on our server, it’s possible that an attacker already has your certificate information and could continue to use it to decrypt traffic on your site, including passwords or credit card information.

We highly suggest that if your business does not host with Commonplaces, or didn’t purchase your SSL Security Certificate through CommonPlaces, that you contact your provider immediately to confirm that they have corrected the problem.

What does this mean for you?

For all regular Internet activity, it is best to wait a day or two before beginning to change passwords. This will give websites and other services time to adopt the fix and secure their data. A new password for a service that hasn’t yet installed the Heartbleed fix can just as easily be stolen as an old password.

Mashable has posted a lengthy survey of some commonly used sites, and their suggestions. Many larger banks seem to be unaffected, which is some small comfort. Social media services and email providers such as Google and Yahoo have taken steps to correct the situation, but are urging their clients to change passwords as a precaution.

Yes, this is another case of bad guys trying to do nasty things to the rest of us. For business owners this is a perfect example of why you should hire someone to manage your website. For the average Internet user, it’s proof that we always need to be wary and vigilant.

Your Dilemma: Which Agency Should You Choose?

The answer to this one is simple: Pick CommonPlaces

Our goal is not to simply win a bid, it’s to act as a partner for a company and help it succeed. Providing that level of service requires experience, trust, and delivering final products.

You can see our about page to understand our experience. We have a cornucopia of experience. 

The seed of trust is planted during our initial interactions. We are honest in our interactions and that will come through in our communications.

And we deliver results. The biggest proponents of CommonPlaces can be found in our current and past clients. Our team will be happy to connect you.

Related Posts

The Dilemma of Estimates

The Dilemma of Estimates

Estimates serve as the cornerstone of any website project, providing clients with a roadmap for budgeting, planning, and expectation management. They offer a glimpse into the intricate tapestry of tasks, timelines, and resources needed to bring a website to life.

Config Sync Overview

Config Sync Overview

When Drupal 8 was released, it came with Configuration Syncing functionality. This has been a staple ever since for Drupal 9, Drupal 10, and beyond. Configuration Syncing was a game changer and one of my favorite features in Drupal Core.The days before config sync...