What is the Heartbleed bug and how can I protect myself?

Is your website protected from the Heartbleed Bug?

If you have a website you may have an issue regarding software that you may be using on it.  This software typically is affecting those websites which use e-commerce, that is, software used to sell goods and services. A program called OpenSSL is used to manage security for these sites, has itself been exploited.  That means that hackers can open up the program and insert their code which will send back to them passwords and other sensitive information that SSL was supposed to have kept safe.  And it leaves no trail that it was even there. It is important that you know about this exploit and if it affects you.

What is Heartbleed Bug?

Last week, this new exploit appeared in the OpenSSL software program, which is used by many servers to manage SSL’s (Secure Socket Layers). OpenSSL is the software program which provides and manages a “certificate” of security for your website, thereby encrypting information coming and going to your site. You may or may not be using an SSL certificate on your website, but you really should know if you are or are not using one. The exploit was first discovered by a team of Finnish security experts and researchers at Google and disclosed on Monday. By Tuesday afternoon, a number of large websites, including Yahoo, Facebook, Google and Amazon Web Services, said they were fixing the problem or had already fixed it.

But more about you.

How do I know if I am vulnerable?

If you use E-commerce, that is, you sell goods from your website (like PayPal), you likely (but not in all cases) purchased an SSL Certificate that uses encryption techniques (private & public keys, and password).

OpenSSL is the program that installed your encrypted certificate to protect your website.  That program itself has been exploited. OpenSSL manages your certificate. If you are not using an SSL certificate, you can stop reading this now, you are safe. (If you don’t know, you should ask your webmaster or your Hosting Administrator).  OpenSSL versions 1.0.1 through 1.0.1f are vulnerable to attack.  That means that your passwords are vulnerable to leakage.

However, if you are not sure, you can check here:

Use this link to test your website to ensure that your website has been patched.
http://possible.lv/tools/hb/

What can I do to fix this problem at my end?

Talk to your Webmaster or Host Administrator to see if they have already checked for and/or installed a patch.  Commonly, shared hosting platforms have already been fixed.  You should definitely check if you are running on your own server, or even on a Virtual Private Server.

After you know you have been updated with the patch, ONLY THEN update your SSL keys and passwords.  Don’t change your password UNTIL AFTER you have the patch in place, otherwise you’re handing them over to the exploiters

Forward this article to friends and family and other chamber members

Paul Wagner
www.avwebmaster.com
661.450-8513

 

 


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>