Keeping your Website safe from the Heartbleed bug

< Blog
Updated on: August 23rd, 2022Ken Braun5 min read
Keeping your website safe from the heartbleed bug

By now most people have heard about the Heartbleed bug as there have been plenty of “scare” news stories out there. However while those stories have covered some of the basics and inspired a lot of fear in people, they often failed to be very informative.

So what do you, as a business owner, need to know about this bug and how will it affect your business and your customers?

The Heartbleed Basics

The problem with the bug occurs in systems that use OpenSSL, which is an encryption library. It is one of the programs used to create secure web connections and as many as two-thirds of the internet use it. The use of encryption software, like OpenSSL, results in that “padlock” icon in the browser when you are doing things like e-commerce or banking and basically helps protect when your browser talks to those websites. The idea behind SSL is to make things secure so nobody can listen in on the information that is being sent.

The name of the bug is related to a program feature called “heartbeat” that was added about two years ago to OpenSSL that contains the flaw. Obviously this means the problem has been out there for a while and thus why there is a concern that information ‘could’ have been compromised. However it is an isolated programming bug found only in certain versions and is not a design flaw in the underlying SSL so it can be fixed with a software patch or upgrade.

Of course if your organization doesn’t use OpenSSL then you do not have a problem.

Why Does It Matter?

Obviously you don’t want to have customers avoid your site because of concerns over data loss. In this case, the types of data that can be disclosed to attackers are usernames and passwords which can completely undermine site security and result in large data breaches. So if you are the owner of a website that uses e-commerce or has other secure data then you will need to address the Heartbleed problem.

What Should I Do?

Here are the steps everyone should take to make sure that their website is safe:

  • Check to see if your company is using OpenSSL. Ideally your IT staff, or an IT Contractor that you use, should be able to provide this information. You can also go to this website – https://filippo.io/Heartbleed/ to test a website.
  • If you are using OpenSSL and you identify which systems are affected you need to upgrade to a version that is not that is not vulnerable. After installing the upgrade make sure to restart those services to activate them.
  • Next, revoke the old SSL certificates, create new encryption keys and obtain new SSL certificates. While some people might think this to be an excessive step, it is a smart move to make considering that the problem has been out there for approximately two years. Additionally it can be difficult, if not impossible, to determine if a certificate and keys have been compromised to this step ensures protection.
  • Now that your site is repaired and protected it would wise to notify your users with a recommendation that they change their passwords.
  • For businesses that use an IT provider for things such as cloud services, you should contact them to see if their services were impacted. If they are fixed make sure to change your passwords.

On a personal basis, there are a few large sites, such as Google and Yahoo, which have admitted to problems with Heartbleed. You can use the link above to check on them. However make sure any sites with problems have fixed their problems prior to changing a password because otherwise you are just disclosing another password.

The Bottom Line

Internet security is always a sensitive topic. When people first started to use the internet for business transactions the biggest concern was the possible loss of data. With recent breaches on a large scale by hackers attacking retailers the importance of data security is certainly a hot button topic once again. To that end make sure that your business information, as well as your customers information, is protected and safe.

 

 

Published on: April 17th, 2014

Related articles

Responsive or adaptive web design
6 min read

Responsive or Adaptive Web design

August 23rd, 2022

Have you heard the term, “post-PC world” before? It was popularized in the past few years as people have talked about the downfall of the desktop [...]

Trademarks and your website
5 min read

Trademarks and your Website

August 23rd, 2022

Do you need to trademark your brand? That is a pretty important question that a lot of businesses might have not even considered. For bigger businesses, [...]

Top characteristics of great marketing content
5 min read

Top characteristics of great marketing content

August 23rd, 2022

Why should useful content be at the core of good marketing? The simple answer is because consumers have slowly shut themselves off from what we know [...]

What is a long tail seo keyword
6 min read

What is a Long Tail SEO Keyword

August 23rd, 2022

Is Long Tail SEO useful? That is a good question and also a good example of a long-tail keyword. Confused? Don’t worry, we explain everything you [...]

5 things you are doing wrong with your content
5 min read

5 Things you are Doing Wrong with Your Content

August 23rd, 2022

You might think that an article about the five things you should do with your content would be more useful than learning about five things you [...]

Using the right seo tools
6 min read

Using the right SEO Tools

August 23rd, 2022

The saying goes, “A craftsman is only as good as his tools.” While this saying should be updated to include her tools as well, the concept [...]

Keeping your Website safe from the Heartbleed bug
Share On:
Newsletter Sign Up

"*" indicates required fields

0 of 60 max characters
0 of 60 max characters

Request a Proposal

Fill Out Our Form & We’ll be in Touch Shortly

"*" indicates required fields

Name*
Type of Project**

New York City
112 West 34th Street
18th Floor
New York, NY 10120
Long Island
991 Main St.
Suite 200
Holbrook, NY 11741
Washington D.C.
1101 Connecticut Avenue NW
Suite 450
Washington, DC 20036
Nashville
424 Church St
Suite 2000
Nashville, TN 37219
Los Angeles
1100 Glendon Avenue
17th Floor
Los Angeles, CA 90024
Miami
1221 Brickell Ave
Suite 900
Miami, FL 33131
Charleston
170 Meeting Street
Charleston, SC 29401
Richmond
919 E. Main Street
Suite 1000
Richmond, VA 23219