• 0Shopping Cart
  • 1 Day® Website
  • 1 Day® Branding
  • 1 Day® Brandstorm
  • 1 Day® Startup
  • 1 Day® SEO
  • 1 Day® Social
  • 1 Day® Website
  • 1 Day® Branding
  • 1 Day® Brandstorm
  • 1 Day® Startup
  • 1 Day® Strategy
  • 1 Day® SEO
  • WordPress
    • WordPress Web Design
    • WordPress Training
    • WordPress Website Maintenance & Support
    • What is WordPress?
  • Resources ▾
    • Blog
    • Website Preparation Guide
    • 25 Elements of a Magnetic Brand
    • How to Name Your Startup
    • A Startup’s Guide to Hiring a Web Design Company
    • Video Tutorials & Resources
  • Tools ▾
    • Core Values Exercise
    • Brand Archetype Quiz
    • Brand Voice Exercise
    • Style Moodboards
  • Portfolio
  • Events
  • About Us ▾
    • Our Team
    • Client Reviews
    • Past Clients
    • Press
    • Passion Projects
    • Get 1 Day Certified
  • Logo Store
  • Contact
  • Search
  • Menu Menu
Bizzy Bizzy Blog
Security

What is the deal with Heartbleed?

April 17, 2014/in Bizzy Bizzy News, Sweet Talk Blog /by Candy Phelps

Why is everybody writing and talking about “Heartbleed”? It probably affects more people than any other vulnerability we’ve ever seen. If you have ever logged into any web site, anywhere, your password might have been revealed — and that is just the start. We culled the following information from various reports from outside sources. At this time, any customers of ours who need to take action have been notified.

Last week, U.S. authorities warned that the “Heartbleed” bug of OpenSSL affected a significant portion of the Internet, including major websites such as Google, Facebook and Yahoo. The flaw possibly exposes passwords, credit card numbers and secret encryption keys.

Heartbleed is a massive security vulnerability that could be used if someone knew about it. But to clarify, Heartbleed refers to the vulnerability, but it is not an attack, a hack or a virus. The worst thing is that to date, nobody really knows if somebody actually used this maliciously.

Basically it is like someone left the backdoor to their house unlocked while they were on vacation. When they realized this after returning from their trip, they panic. But nothing appears to be missing from the house and everything seems normal, but there isn’t any way to know if someone came in while they were gone.

Only owners of the services (Google, Yahoo, GoDaddy) will be able to estimate the likelihood of what has been leaked, and are being instructed by the government to notify their users accordingly if evidence is found.

At this point, none of the major companies affected are saying that any information has been used for malicious purposes. However you should keep an eye on your credit card statements just in case and change passwords to all company websites that were affected. For a list of well-known sites that were compromised and have updated their systems, see this Mashable.com chart. Note make sure that the company has fixed the OpenSSL issue BEFORE changing your password.

Will this affect my website?
Most regular small business websites do not have SSL certificates and are not making encrypted transactions on their website. So the good news is that you’re business website was likely not affected.

If you have an ecommerce website, you can call your website host to make sure they have installed the patch and rekeyed your SSL certificate.  Our customer’s ecommerce sites have been patched on the host side.

We spoke with GoDaddy and Fatcow representatives, two of the hosts we regularly use, and they assured us that they have already taken steps to patch the security vulnerability and rekeyed their certificates.

Information from GoDaddy on Heartbleed.

Information from Fatcow on Heartbleed.

Companies that have their own servers need to talk to their IT specialists to make sure patches have been installed and their networks are safe.

Am I affected by the bug?

Everyone is likely to be affected either directly or indirectly. OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft’s April 2014 Web Server Survey. Your popular social site, your hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services. The good news is that no major banks have been affected.

Has this been abused in the wild?

We don’t know. Security community is deploying TLS/DTLS honeypots that entrap attackers and to alert about exploitation attempts.

Where Can I Learn More?
Read the U.S. government’s official alert. For a detailed explanation of the “Heartbleed” bug, visit heartbleed.com. CNN and FOX Business have reports on the issue. Another article on Heartbleed misconceptions.

Tags: Heartbleed
Share this entry
  • Share on Facebook
  • Share on Twitter
  • Share on WhatsApp
  • Share on Pinterest
  • Share on LinkedIn
  • Share on Tumblr
  • Share on Vk
  • Share on Reddit
  • Share by Mail

Recent Posts

  • Case Study: Underground Self-Defense WordPress Website Design
  • What Is a Domain Name and Everything Else You Need to Know
  • 10 Things to Do Before You Build a WordPress Website
  • How Not to Ruin Your Brand with Canva
  • What is Web Hosting and Which is the Best for WordPress?

Categories

Topics

1 Day Branding 1 Day Website blogging branding business branding business websites content management systems content marketing design ecommerce Enfold enfold theme free icons friday freebie Google Google Analytics graphic design Grow Your SEO how-to icon design icons logo design marketing networking rebranding responsive web design search engine optimization SEO small business websites tutorial web design Website Content website design website development website planning website redesign websites Wix wordpress wordpress how to wordpress plugins WordPress security WordPress training wordpress tutorial YouTube

Let’s Get Bizzy

© Copyright 2023 Bizzy Bizzy | All Rights Reserved

Email

info@bizzybizzycreative.com

Madison, WI

2002 Atwood Ave | Unit 211

Contact Us

LGBTQIA flagBlack Lives Matter flag

Newsletter Sign Up
Happy Valentine’s Day!What Do You Want to Be When You Grow Up?
Scroll to top
Get a Website Quote!

Fill out this form and we’ll be in touch to discuss your project!

  • Leave blank if you don't have one yet.
  • This field is for validation purposes and should be left unchanged.

Take the free Brand Archetype Quiz and download the free ebook by Bizzy Bizzy

 

What’s Your Brand’s Personality?

Take our free 1 Day® Brand Archetype Quiz and download our ebook to discover how your brand fits into the 12 classic brand archetypes!

Find out more