By now you have probably heard about Heartbleed vulnerability over social media and news outlets. What is it? Why should you be concerned? Is your site vulnerable? This post will cover what we know and what you should do.
What is the Heartbleed Vulnerability?
The vulnerability concerns a piece of software running an many web servers on the internet called OpenSSL. This software is what most sites on the internet use to allow their visitors to connect securely to their websites (via “https” connections). There was a vulnerability found in the software that allows a person to read 64k of memory at a time of systems running the later versions of OpenSSL.
Should I be concerned?
The vulnerability allows anyone with the right tools to read your server’s memory and pluck out usernames, passwords, credit card information, or the secret keys of your SSL/TLS encryption to crack secure communications and other sensitive information. This means they could basically login multiple times and steal every bit of data on your site. Exposing you and your customers to liability and identity theft.
Is my site vulnerable?
That depends. If your server is running a recent version (since 2011) of OpenSSL and it has not been patched then yes your site is vulnerable (you can test your site here). If you are running a very old site that has not had the software updated you may not be vulnerable. All servers maintained by BizzyWeb and all sites hosted on BizzyWeb’s servers are secure.
What should I do going forward?
It would be a good idea to log into your site and change your password and have anyone else on your team or who has access to your site do the same. Make sure the password is at least 8 characters long and contains capitol letters and at least one number or punctuation mark. Here’s a great article from PC World on what to consider.
If you have further concerns about this or other threats you have heard about, feel free to go to BizzyWeb.com/Support and let us know how we can help. Someone on our team will be happy to assist you.