Heartbleed Bug Poses Major Security ThreatPosted by Chris Garrett / April 9, 2014
If security is important to you, read this.
eCommerce and secure website owners should call your hosting provider immediately to make sure they have protected their servers against the Heartbleed Bug.
There is currently widespread panic in the Internet community surrounding a vulnerability with OpenSSL – the extremely popular Internet security protocol.
The Heartbleed Bug was discovered this week by researches at Google and security firm Codenomicon. It affects more than two thirds of the Internet, most commonly Apache and Nginx servers (pronounced ‘engine X’).
The Heartbleed Bug allows hackers to ‘steal secret keys used for security certificates, user names and passwords, instant messages, emails and business critical documents and communication, without leaving a trace.’ Full details at http://heartbleed.com/
Many large software operators like, Mojang creators of online game Minecraft, have taken its services offline while the patches are applied. They are taking this very seriously, and with good reason.
You may never have even heard of Apache web server or OpenSSL, but chances are, you come in contact with it almost every day. Online stores use it to encrypt payments, secure websites use it to protect valuable information and it’s widely used in email and instant messages. It’s even used for your web-enabled home appliances like printers, home theatre equipment and even air conditioners.
Encrypted webpages have the prefix https://. The ‘S’ stands for secure.
Your hosting provider is the only one that can help protect your privacy. OpenSSL must be updated to the version released on 7th April, however you cannot know if you have already been compromised.
Concerned site owners should upgrade their website and all plugins to the latest version and re-issue all security certificates (SSL) after you are sure the server is secure. There are tools available to detect vulnerable servers, but you are better to talk with your data center.
KND Digital began the upgrades yesterday and are confident in our security measures.