Heartbleed: What You Should Know
Posted in Insights
Monday night a major bug in OpenSSL was detected. It’s called “Heartbleed.” Right away, it sounds like a terrible malady. And while it’s not really a virus, it really is not so good.
Here are 5 questions you should ask and we can answer:
1. What is Open-SSL?
It’s an open source software suite that is widely used to encrypt web communications. We use it to keep your data private and secure, especially in sites that feature e-commerce.
2. What’s Heartbleed?
It’s a bug in OpenSSL that allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, names, and passwords of the users and the actual content.
3. Is my site safe?
This one has two possible answers:
If FINE’s hosting your site, YES. Our extended hosting team stayed up late Monday night patching our servers before you probably heard the word Heartbleed for the first time. So if your site is under SSL, we’ve already acknowledged and patched it.
If FINE’s not hosting your site, MAYBE NOT.
Contact your hosting provider or IT team right away and ask what they’ve done to address the bug. Send them on over to http://heartbleed.com/ to get them started.
4. My site’s safe. Should I still worry?
Yes. Even though Heartbleed was recently detected, the bug’s been around for a couple of years. It affects the majority of encrypted traffic on the web with no way to detect if a server had been compromised. We recommend verifying that every online service that keeps your personal data has been patched and reset your passwords ASAP.
5. Are there other sites or passwords I should worry about?
Since OpenSSL is widely used, the Heartbleed bug has affected a number of social networks and cloud-based services, including major networks like Facebook, Instagram, Yahoo, and Google. Mashable has compiled a list of affected sites, but it's probably best to err on the side of caution and update your passwords for any service or online profile that contains your personal data.
Want some help with securing your digital world? Read our project managers' Pro Tips for How to Handle Heartbleed.