Internet security breaches are never fun, but this latest one, Heartbleed, is particularly troublesome. This information is being updated in real time as I am writing this, but the latest estimates show that upwards of 66% of sites across the internet are affected, including popular sites such as Yahoo, EventBrite and OKCupid. This bug was introduced over two years ago through an open source contribution to OpenSSL, an encryption tool commonly used across the internet to secure your data. Yikes! It was only discovered on Monday by a team of Google engineers.
For our ThinkResults clients, we have checked all of our sites and none of them appear to be affected. I put this out this morning on all our social media channels (follow us on any of the channel links above). We have one client who uses a third party payment site that we can’t yet confirm is secure (this client knows this and I’m not naming the third party as I don’t want to point fingers online until we have answers!).
The exposure is not actually on your site but contained in the hosting package, particularly if you have an SSL certificate. All of our current clients are on GoDaddy (and most of our past clients as well) and GoDaddy has confirmed that they have done all the necessary updates to remove this code and protect data once again.
To summarize the situation, as Lisa Stambaugh, our Web Diva, so eloquently put it this morning:
All websites fall into these categories:
- Was never a problem.
- Was a problem, now fixed – time to change your password.
- Was a problem, not yet fixed – need to wait to change password until they say it’s fixed.
What does this mean for you as ThinkResults clients and as internet consumers?
1. If you are truly paranoid, stay off the internet for the next few days as everyone scrambles to re-secure our lifeline here. This is a real-time online crisis situation.
2. Start changing passwords on sites that have confirmed that they have issued the necessary fixes. The Top 100 internet sites and their Heartbleed fix status are listed here and this is being updated in real time. (For our clients, we will be changing passwords on sites we manage for you as they are patched.)
3. DO NOT change passwords on sites that have not yet patched. That will just perpetuate the problem. See above. 😉
4. Install the Google Chrome extension that detects the Heartbleed bug. The Google security team detected this bug so it makes sense to trust them to protect us (I also know one of their lead security engineers and she is a rock star!). It apparently does generate some false positives – but that is far better than a false negative.
5. Check your bank and online statements carefully for any suspicious activity. This may take a while to resolve, so be prepared.
6. If you want to check other servers that we are not managing, you can do so with this Heartbleed testing tool.
This security flaw is an interesting issue, since it was developed by the open source community, who do not have the resources to fully test their work, and used by many commercial companies who didn’t bother to test it either (really?!). The jury is still out on what this will mean moving forward, but I do predict a shifting tide in reaction to this massive breach.
As always, we are here for you at ThinkResults. If you have any questions about the security of your site, do not hesitate to contact me at any time.
– Jenn LeBlanc, M.S.
Jenn LeBlanc, CEO & Founder of ThinkResults Marketing, works with tech CEOs and CMOs to drive results. Whether it is a 350% increase in web traffic, a 1400% increase in online leads, or a 400% increase in conversion rates, Jenn delivers results.