Articles and Emails about the “Heartbleed” have flooded the news and internet. The reason is because it’s such a wide spread security issue. Most of the websites you use all the time may be insecure until the companies fix them.
What is Heartbleed? (A Simple explanation)
To simplify the issue for the sake of space and clarity, Many websites use something called SSL and place a padlock in your web browser to show you that the connection is secure. A secure connection between you and a website is like the the water pipe between your home and the water company, this connection is then verified secured. Common websites which do this are your bank, Facebook, Google/Gmail, Etc.
The Heartbleed Issue is a “loophole” where a person can bypass the security of a website. In my analogy, it means that somewhere between your house and the water company hackers can bypass your security and tap into your pipe and see all the water in your pipe. In terms of websites, hackers can use this “loophole” to view transactions, passwords, emails, etc.
Here is a more detailed explanation for those wanting more information:
What have we done?
For those of our clients who accept credit cards on their websites (usually with Stripe.com), we have made sure our web servers have updated to close the Heartbleed Bug and we have had our SSL certificates reissued.
I have also begun changing all the passwords I use to access your website. Better safe than sorry. (this is a major pain, but it has to be done)
What should you do?
Make a list of all the website you want to ensure are secure. My personal list includes the following: Banks, Social Media, Email, Services like Dropbox and Netflix.
Use the steps below to confirm that the Heartbleed bug has been fixed, and update your password
- Check to see if a website has been fixed here: http://filippo.io/Heartbleed/
- Log in to the website like normal
- Change your password
- Monitor you account for unusual activity and contact the company at the first sign of trouble.
Security Checks as of 4/11/14:
- FHB.com- NOT Secure, do not log into the website yet.
- facebook.com- Secure
- gmail.com- Secure
- www.pacificrimbank.com- Secure
- amazon.com- Secure
- Netflix- Was vulnerable, but secure now