Here’s a picture of an adorable quokka. It has nothing to do with the Heartbleed bug or openSSL security, it is there to help you relax. Everything is going to be ok. We here at Webtegrity have been called by a few clients that were asking about the safety of their SSL certificates with the news about the Heartbleed SSL bug. We are combing our research and personal experience to take your next course of action.
First off, just what is the Heartbleed SSL bug?
What is SSL and why should I care for that matter. Great questions, we’ll start with SSL. SSL is the Secure Socket Layer that encrypts website data. Most websites use a version called openSSL, the version of SSL that is effected. You may have heard it called Secure Server License too.
In plain English, it’s the software that makes that little “lock” icon appear in your browser when you shop or surf the web. What happens behind the scenes is anything you are doing in that window is encrypted. The data is then sent back and forth between your browser and the website you are surfing on safely so that no one else can capture your credit card info, your personal details or your passwords. You can see now why folks are panicking hearing that the OpenSSL has been attacked.
This is NOT a virus. It will NOT be blocked by any antivirus software on your computer. The Heartbleed bug is probably best described as an old fashioned keyhole. If you look in a keyhole, you can see and hear what is going on inside the room, but you aren’t able to get into the room. However, someone in the room may talk about their banking accounts, or worse yet, talk about how to get into the room itself. So a hacker may have been able to read your passwords looking through this security break keyhole.
Who is affected by Heartbleed bug?
It could be you… but take another look at the quokka and try to relax. If your website or the websites you are shopping on uses openSSL, the current recommendation is to wait until they announce they have fixed the bug, then change your passwords. Most services have already fixed the problem, and those that haven’t are quickly working on the fix.
Without going into the boring mechanics and details of how SSL certificates are fixed, we’ll just say that there are already fixes rolling out. In fact, not all of their SSL certificates are even effected by the Heartbleed bug.
Rest assured, we are diligently working on making sure our clients sites are secure and safe. Should our clients have any questions, as always, they can give us a call. We’re here to help.