Over the last couple of days you may have heard news about Heartbleed. Since our clients have been asking us about this vulnerability, we decided to write a short post about it.
What is the Heartbleed bug?
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows attackers to steal information (e.g. usernames, passwords, credit card information) that is, under normal conditions, protected by the SSL/TLS encryption used to secure the Internet. For more information about the Heartbleed bug, go to heartbleed.com.
Am I vulnerable?
If you don’t run a website that uses HTTPS (which lets your users connect securely using their web browser) then you don’t have to worry about this. If you do run a website that uses HTTPS, contact your hosting provider to check whether they have replaced the vulnerable version of OpenSSL with the fixed version. Any websites hosted by Robico Web Solutions are safe from the Heartbleed bug.
While your website may not be affected, it’s more likely that high-profile sites such as Facebook, Twitter, Pinterest and Google+ would have been targeted to steal user information and decrypt secure channels. With that in mind, it’s important that you change your usernames and passwords, particularly on sites that you have signed into since April 7, 2014, when the vulnerability was publicly disclosed.
How do I make my website secure against the Heartbleed bug and other vulnerabilities?
As long as you are using the vulnerable version of OpenSSL, you are open to attack. You need to update to the fixed version of OpenSSL. You can contact us to help you check whether your website is secure against the Heartbleed bug. We recommend you do these simple things to make sure your website is secure:
- Change your website passwords at regular intervals. If you keep the same password for years, it is at risk of being stolen, and bad people can hijack your website.
- Keep an eye on who signs up to your website. If you have a membership website, you can require that new account requests be manually approved. Members can have special permissions on your website to upload files and to write content that is visible to the public. By manually approving accounts, you can reject people who you feel will put your website at risk.
- Update your WordPress or Joomla website to use the latest stable version. These CMS suppliers release regular updates to the code to increase the security of your website against new types of attacks.
Contact us today to get a quote to maintain your website to keep it safe and secure.