You may have heard the term “Heartbleed” over the past few days relating to online security. If you didn’t, buckle up, it’s about to get real scary because it could affect anyone. Everyone. Even you.
What is Heartbleed?
Heartbleed (CVE-2014-0160) is a security vulnerability found in OpenSSL, an open source library that numerous developers and companies use to protect your usernames, passwords, and other sensitive information online.
So what does this really mean?
This vulnerability gives hackers the ability to force your browser to dump 64 kilobytes of unencrypted data from the server's memory. This means usernames and passwords could be easily grabbed by hackers. It could also mean they grab meaningless data. You may not be affected, or you may not see any attacks or fallout for months.
Lifehacker estimates that 66% of the web uses OpenSSL. That’s a massive number. Lifehacker suggests using this site to see if a service you use has been affected. There is a list here to see if websites were vulnerable.
What can you do to protect yourself?
Educate yourself. Check out the list above. Look for official statements from any sites listed as vulnerable. Yahoo was vulnerable to the bug, but they have since patched it and updated their users via their blog. If you see a statement like this from any service that you use, we recommend that you update your password immediately.
- According to the list linked above, WordPress and Joomla were not affected, but they have both released version updates of their CMS. Contact your web developer for more information if you have any questions about how this could affect you and your business online.
- If you’re a HubSpot user, they posted a blog this morning saying that they were not affected by the vulnerability, but suggest you change your password anyway. HubSpot is also replacing all of their SSL certificates as a precautionary measure.
- For users of our apps: SnapEngage, Shopify, and BigCommerce have all issued statements about Heartbleed. SnapEngage was not affected, but both Shopify and BigCommerce have patched any vulnerabilities in their systems. However, they all recommend changing your passwords. None of our apps or integrations use OpenSSL on our side.
- For customers whose WordPress sites we host, those sites have all been updated along with any plugins. If you are a LyntonWeb customer and have any further questions, please contact your account manager or email email@example.com.
If you are still confused about what Heartbleed is, this comic from XKCD explains it perfectly.
In short, update your passwords, and make sure you use a unique password on every website.