HeartBleed Announcement
April 15, 2014
There has been a lot of news coverage, for good reason, of the significant vulnerability found in OpenSSL, dubbed "heart bleed", that was announced last week.
Further to the announcement we sent to clients via email, we want to reassure all of our clients that the servers Biz-Zone maintains are not and have never been affected, as we used a different version of OpenSSL. This means that you can reassure your members and/or customers that their information was not at risk due to this vulnerability.
For your own personal protection, we would recommend that you update your passwords on all sites you have registered with by following these two steps:
- Find out if the website has the OpenSSL patch in place. As Biz-Zone's senior programmer explains, now that the vulnerability is known, a lot of hackers are looking for vulnerable sites, so you don't want to update your password unless a site is patched.
- Change your password to something strong and unique. I know people don't like this, but it is necessary. Password vaults like KeePass or Password Safe can help you manage multiple passwords. Also, experts now recommend that people focus on long passwords, with 12 or more characters, rather than shorter passwords that combine letter case changes and numbers. We need to use password phrases, not just simple passwords.
Here are some important clarifications that were also sent to clients last week.
There are really three important things to understand about the recent HeartBleed vulnerability:
- The HeartBleed bug affects the entire computer, so it will impact all accounts on a single machine. The computer will be vulnerable if it responds to SSL and is using an unpatched version of OpenSSL.
- As a result, since most web hosting accounts will have multiple clients on a single computer, it is not enough to know whether your particular account uses SSL. You need to ensure that if there is an account that will respond to SSL, it uses either an unaffected or a patched version of OpenSSL.
- Since software programs like Biz-Zone's content management system, WebPortalOne, use the server's installation of SSL, you don't have to worry about vulnerabilities in the programs themselves.