What is The Heartbleed Bug?

Posted by Paul on April 11, 2014

The Internet has been panicking this week at the discovery of a serious vulnerability that may have compromised passwords and data on many of the most popular sites.

What is "The Heartbleed Bug"?
A vulnerability that potentially allows a hacker to access passwords and data held on a web server, including those of users connected to that server (i.e. users on your website).

Has my data been compromised?
If you use the Internet then possibly. It's possible that the vulnerability was discovered by hackers before it was discovered by security experts. It has existed since 2011 and may have been used since then to access data, but there's no way to tell.

Is my ecommerce site affected?
All of our servers have now been patched and the vulnerability closed. We currently have no reports of security breaches.

What should I do next?
It is always wise to change passwords regularly and it's safe to do this now.

What's the worst case scenario?
On the Internet as a whole, it's theoretically possible that thousands of usernames, passwords and sensitive data including card details have been collected by hackers.

What's the best case scenario?
It took an incredibly skilled team of security experts, including some of the best brains at Google, to find this vulnerability. It's possible that they were the first to find it and no data has been compromised.

What's the most likely scenario?
The vulnerability probably hadn't been found before, so it's likely that data hadn't been compromised. However, now that the security hole is public knowledge, servers running the vulnerable version of OpenSSL need to be patched immediately. Hackers will already be running scripts to detect machines that haven't patched this hole, so updating your server's software is essential. If you host with Antropy, this has already been done.

