Heartbleed Bug Information

Summary

The Heartbleed bug (http://en.wikipedia.org/wiki/Heartbleed_bug) is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. You have probably read about it or seen it in the news, and we felt an article was appropriate to advise our customers on the matter.

This vulnerability allows an attacker to read chunks of memory from servers and clients that connect using SSL (the gold padlock in a browser) through a flaw in OpenSSL’s implementation of the heartbeat extension.

OpenSSL provides critical functionality in the internet ecosystem, and therefore vulnerabilities such as Heartbleed have a significant impact on digital communications and their integrity.

What does this mean for you?

SSL is an important protocol for securing web traffic and securing web requests for logins, order transactions, etc. All web applications must rely on web servers to correctly implement the SSL protocol.

AWS Server Patched and Secured

We have checked our servers and patched them to the latest OpenSSL and, as far as we can, have patched the vulnerability.

The Heartbleed bug has had a profound impact on the transmission of secure data throughout the Internet. It is for that reason that we are encouraging our customers to reset their member area passwords at their earliest convenience as a matter of common password maintenance. Please remember to always make your passwords unique and random, and to rotate them periodically.

In regard to third-party passwords, it is suggested that you take this opportunity to update passwords for all sites if possible, or at least those which have access to your credit card information.

1Password

Ironically, some of our clients and friends expressed a concern with the likes of 1Password. This, in our opinion, is a fantastic piece of software which stores all of your websites, logins, personal information and financial information. The concern from some we knew was that all it took was one place to be hacked and then everything is exposed. In actual fact, 1Password is not affected by this vulnerability and the data is safe. It has also never been hacked (touch wood, it stays that way).

1Password uses military grade encryption and it installs on Windows or Mac and covers iPhone, iPad etc. You can store all of your website data in one place and easily access it with one single password (but obviously, make it a really good one!). We can’t speak more highly of this software and advise everyone to look into it.

Find out more here (note: we do not embed affiliate links, we make no earnings and we receive no benefit. We just like it and wish to share it with you)

Don’t Panic

We have had a few panic emails and phone calls over this matter. Our advice is not to panic and to simply use this opportunity to change a few key passwords.