Theres been a lot of talk about the Heartbleed vulnerability lately, so heres what you need to know: - If we built your website then you and your customers are not at risk because we dont use OpenSSL. - If you use the same password on multiple sites remember it only takes one site to be breached before they potentially have access to everything (even sites which werent vulnerable). If you use the same password for multiple sites, go and change it so that each login uses a unique password. - This vulnerability has existed for MORE than 2 years, so if you get an email from anyone saying everythings okay because we patched our systems within a few hours of being notified, know that this isnt the case and you should change your password. - There is NO way for anyone to tell if they have been breached or not within the last 2 years, so if you get an email from anyone saying they werent breached, know that they cant tell and you should change your password. - The heartbleed vulnerability allowed people to read information on the server where your website is hosted. Including being able to request the secure private SSL keys meaning that they were able to decrypt and read all of the secure traffic from your website giving them potential access to your credit card information amongst other data. This snooping could have happened at any time during the last two years. - Any websites that have had their private SSL keys taken will STILL be vulnerable, unless the website replaces its SSL certificate AFTER patching. Ultimately the best thing for you to do right now is to change your passwords everywhere and always keep an eye on your credit card statements to make sure that there are no odd transactions! If youve got specific questions, feel free to post them below :-)
Posted on: Wed, 23 Apr 2014 07:02:03 +0000
Trending Topics
Recently Viewed Topics
© 2015