Small Business Marketing News

The latest news, tips, how-to-guides, freebies, offers and interesting articles to help your business succeed online

Siteglide Not Affected by Heartbleed Security Bug

15-Apr-2014

So what is Heartbleed?
The Heartbleed bug preys on websites that use OpenSSL, an encryption library that is used to store secret keys and other data. It is typically used for sites that contain shopping carts (eCommerce) or payment gateways. SSL stands for Secure Sockets Layer, and the 'Open' in OpenSSL just means that it is not 'proprietary' but 'open source'. OpenSSL is also used to implement the TLS (Transport Layer Security) protocols. In essence, SSL and TLS are cryptographic protocols used for secure data handling over the internet. The bug was first spotted by an engineer at the Finnish company Codenomicon, who reported it to Google (reportedly on April 3rd). Both Google and Codenomicon claim to have discovered the bug independently of each other, but rather curiously Google's security engineers had already developed a patch by March 21st!

What is at risk from Heartbleed?
The Heartbleed bug works its way through the OpenSSL encryption library in an attempt to 'steal' any private encryption keys; these can then be used to decrypt previously parsed and stored data, exposing sensitive data such as usernames and passwords. However, we are not sure whether credit card details could also be deciphered through Heartbleed. Even the Heartbleed website does not specifically mention card details (see http://heartbleed.com).

Who has been affected (to date)?
We suspect that there are many websites and companies affected who have not yet 'gone public'. Those that we know of include the ever-popular Mumsnet (with over 1.5 million members), the Canadian Tax Agency (where some 900 Social Security Numbers were 'stolen'), Cisco Systems (routers, firewalls and switches affected), Flickr.com, and Yahoo.com (and its related services) to name but a few.

What's being done to stop it?
Most server administrators will by now have installed a security patch (written by two Google programmers) that fixes this bug.

The wider implications.
Whilst Siteglide customers can rest assured that their data (and their customers' data) is safe from Heartbleed, most of us will have been at risk from the Heartbleed bug. Each time we do business online, we run the risk of carrying out transactions on a server which has not yet been patched. Most of us will have heard of or used Wetransfer.com, yet that domain was on the Heartbleed risk register as 'Vulnerable' on April 8th. If you want to check any website for Heartbleed vulnerability, you may find this link useful: https://filippo.io/Heartbleed/. Just remember that if you are checking your own Siteglide website, you should use the WorldSecureSystems URL (e.g. https://yourwebsite.worldsecuresystems.com) or the checker will not resolve. If you have any questions about Heartbleed or your website's security, just get in touch with us at http://www.siteglide.com/contact-us.

Robert Wakefield

Robert Wakefield founded Siteglide in 2012 after having worked in the web design, SEO and IT sector since the mid-90's. Robert's main interests include website usability, visitor experience, SEO and website marketing in general.
