Are You Safe from the Heartbleed Bug?

An Internet bug named Heartbleed, which may affect all web users, was recently discovered by security researchers and was disclosed this week. Many have called this possibly the most serious breach of Internet security ever. Unfortunately, the extreme technical nature of this problem has left many of us out of the loop. Only the Web service provider, or whoever manages the back-end service your provider uses, can satisfactorily resolve the problem for you. So, for many of us, Heartbleed is as frustrating as it is serious.

What is Heartbleed?

Heartbleed is a vulnerability within the OpenSSL technology that is used by many websites and online services to encrypt and keep user data secure. OpenSSL is a free open-source tool designed to work in lots of services. Many ecommerce sites post their SSL certificate badge on every page as an assurance of absolute security. Email providers also employ OpenSSL for encryption purposes. The technology is estimated to be used in about two thirds of all public Internet servers.

This vulnerability makes it possible for hackers to easily steal a service's encryption keys, which then allows them to steal other information including all user passwords. A fix was created for it, but now all service providers need to adopt the fix before they can be secure from hackers. The severity of this situation can't be overstated.

Solutions

CommonPlaces, Inc. has updated our OpenSSL packages to the recommended version, but this is only half of the fix. We strongly encourage you to rekey (renew) your SSL certificate if you use one, as it is the only way to be certain your site itself is secure. We will be correcting this with all of our customers who purchased their SSL certificate from CommonPlaces. For these customers, we will be in touch shortly to take care of this. While the vulnerability no longer exists on our server, it's possible that an attacker already has your certificate information and could continue to use it to decrypt traffic on your site, including passwords or credit card information.

If your business does not host with CommonPlaces, or didn't purchase your SSL Security Certificate through CommonPlaces, we highly suggest that you contact your provider immediately to confirm that they have corrected the problem.
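Rekeying only helps if the replacement certificate is built on a new key pair; a certificate reissued over the old key leaves a stolen key usable. The shell check below is an added example, not CommonPlaces' own tooling: it compares the public-key fingerprints of the old and replacement certificates. The file names and the `shop.example` subject are constructed for the demo.

```shell
#!/bin/sh
# Added example: confirm that a replacement certificate carries a NEW key pair.

# SHA-256 fingerprint of the public key inside a PEM certificate.
spki_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 \
        | awk '{print $NF}'
}

# Prints REKEYED when the two certificates hold different public keys,
# SAME_KEY when the replacement reuses the old (possibly exposed) key pair.
# Returns 2 if either certificate cannot be read.
rekey_status() {
    old_fp=$(spki_fp "$1") || return 2
    new_fp=$(spki_fp "$2") || return 2
    if [ "$old_fp" = "$new_fp" ]; then echo SAME_KEY; else echo REKEYED; fi
}

# Constructed sample data: self-signed certificates standing in for the
# pre-patch certificate, a renewal over the same key, and a proper rekey.
make_demo_certs() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=shop.example" \
        -keyout "$dir/old.key" -out "$dir/old.crt" 2>/dev/null
    openssl req -x509 -new -key "$dir/old.key" -days 30 -subj "/CN=shop.example" \
        -out "$dir/renewed_same_key.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=shop.example" \
        -keyout "$dir/new.key" -out "$dir/rekeyed.crt" 2>/dev/null
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_certs "$tmp"
    echo "renewed over old key: $(rekey_status "$tmp/old.crt" "$tmp/renewed_same_key.crt")"
    echo "reissued on new key:  $(rekey_status "$tmp/old.crt" "$tmp/rekeyed.crt")"
    rm -rf "$tmp"
}

demo
```

Against a live site, save the certificate that was in use before the patch and the one served afterwards as PEM files and pass them to `rekey_status` in that order.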

What does this mean for you?

For all regular Internet activity, it is best to wait a day or two before beginning to change passwords. This will give websites and other services time to adopt the fix and secure their data. A new password for a service that hasn't yet installed the Heartbleed fix can just as easily be stolen as an old password.

Mashable has posted a lengthy survey of some commonly used sites, and their suggestions. Many larger banks seem to be unaffected, which is some small comfort. Social media services and email providers such as Google and Yahoo have taken steps to correct the situation, but are urging their clients to change passwords as a precaution.

Yes, this is another case of bad guys trying to do nasty things to the rest of us. For business owners this is a perfect example of why you should hire someone to manage your website. For the average Internet user, it's proof that we always need to be wary and vigilant.

