Heartbleed Bug

If you have spent any time reading the news or even watching late night shows you may have heard about the heartbleed bug and been wondering how services we provide may have been affected. At HTML we offer many different services from many different providers and their responses have all been different. Most of our services were never affected in anyway because the OpenSSL protocol was never in play, those that were affected have since resolved the vulnerability in most cases. If you want to know for sure it is best to check with the specific service provider, almost every single one has a blog page setup with a statement regarding what steps have been taken and what they suggest.

The big question you may have if you host with us is: was my customers information compromised due to the Heartbleed bug? The answer is NO. Our web hosting platform takes security very seriously. They conduct regular security assessments and work to address security vulnerabilities to protect our customers and their data. They also conduct ad hoc tests if a security threat, such as the Heartbleed bug, is brought to their attention. Accordingly, their security engineers have tested for Heartbleed and confirmed that customer sites are not vulnerable as of the date of this post.

The Heartbleed bug is currently impacting the open source software OpenSSL, which is used to encrypt web communications. The vulnerability can allow attackers to access encrypted data and communications. Fortunately, the version of OpenSSL we use is not either of the versions impacted by the vulnerability.

There is a tool available here, that you can use to check your site. We have run all of our customers sites that have ecommerce platforms through the tool just to be on the safe side and they all came back clean.

The software we use for our billing portal (Freshbooks) has patched their vulnerability within 4 hours of the bug becoming public knowledge, and you can read their full response here.

We always feel for best security it is a good idea to change passwords on a regular basis, not use the same password for every site and ensure your passwords are strong by using long strings that include a random number, capital letters and symbols whenever possible.

If you want to understand how the Heartbleed bug really works, check out the graphic below:



Mashable has a great list of services you may want to change passwords for in order to help protect about the heartbleed bug.

Leave a Reply