2 min read

Are You Safe from the Heartbleed Bug?

Are You Safe from the Heartbleed Bug?

An Internet bug named Heartbleed, which may likely affect all web users, was recently discovered by security researchers and was disclosed this week. Many have called this possibly the most serious breach of Internet security ever. Unfortunately, the extreme technical nature of this problem has left many of us out of the loop. Only the Web service provider, or whoever manages the back-end service your provider uses, can satisfactorily resolve the problem for you. So, for many of us, Heartbleed is as frustrating as it is serious.

What is Heartbleed?

Heartbleed bug and security

Heartbleed is a vulnerability within the OpenSSL technology that is used by many websites and online services to encrypt and keep user data secure. OpenSSL is a free open-source tool designed to work in lots of services. Many ecommerce sites post their SSL certificate badge on every page as an assurance of absolute security. Email providers also employ OpenSSL for encryption purposes. The technology is estimated to be used in about two thirds of all public Internet servers.

This Web infection makes it possible for hackers to easily steal a service's encryption keys, which then allows them to steal other information including all user passwords. A fix was created for it, but now all service providers need to adopt the fix before they can be secure from hackers. The severity of this situation can't be overstated.


CommonPlaces, Inc. has updated our OpenSSL packages to the recommended version but this is only half of the fix. We strongly encourage you to rekey (renew) your SSL certificate if you use one, as it is the only way to be certain your site itself is secure. We will be correcting this with all of our customers who purchased their SSL certificate from CommonPlaces. For these customers, we will be in touch shortly to take care of this. While the vulnerability no longer exists on our server, it's possible that an attacker already has your certificate information and could continue to use it to decrypt traffic on your site, including passwords or credit card information.

We highly suggest that if your business does not host with Commonplaces, or didn't purchase your SSL Security Certificate through CommonPlaces, that you contact your provider immediately to confirm that they have corrected the problem.

What does this mean for you?

For all regular Internet activity, it is best to wait a day or two before beginning to change passwords. This will give websites and other services time to adopt the fix and secure their data. A new password for a service that hasn't yet installed the Heartbleed fix can just as easily be stolen as an old password.

Mashable has posted a lengthy survey of some commonly used sites, and their suggestions. Many larger banks seem to be unaffected, which is some small comfort. Social media services and email providers such as Google and Yahoo have taken steps to correct the situation, but are urging their clients to change passwords as a precaution.

Yes, this is another case of bad guys trying to do nasty things to the rest of us. For business owners this is a perfect example of why you should hire someone to manage your website. For the average Internet user, it's proof that we always need to be wary and vigilant.

Related Posts

1 min read

CommonPlaces to Present at DrupalCon Paris

The DrupalCon Paris session schedule was finalized over the weekend, and we are very excited to be presenting two sessions at the upcoming Drupal conference. The first session, "Staging Drupal:...
5 min read

Benefits of Building a Website with Open Source Software

When it comes to building a website, you are faced with a variety of decisions that need to be made. The most important is partnering with the right agency. (Bit of a sales pitch, but I stand by that...
3 min read

The Pros and Cons of Rebranding: Is It Worth It?

Have you been thinking about rebranding? Rebranding a company is no longer as simple as tweaking your logo and slapping the new version onto your website. With so many online marketing channels...
5 min read

Ready, Set, Go! What to Expect During Your Website Redesign

So, you’ve been in business for quite some time now and your site is looking a little ‘meh’ – a little tired – a bit outdated. You finally bit the bullet and decided to hire a great development...