What is the Heartbleed Bug that we’ve been hearing about so much in the news?
The Heartbleed Bug is a vulnerability in the OpenSSL software library. The OpenSSL software is used by millions of web servers across the globe. Many websites from Google to small sites on shared servers have been affected by this bug. However, while the news was spun by many as a major security issue affecting millions of us, the actual details are a little less alarming, as it does not affect all of the world’s web servers and there are is no direct knowledge of this vulnerability being exploited. If your website does not use SSL then you are not directly affected, but it is still in your interests to change all your passwords as a standard security measure.
The bug is in the software library used in servers, operating systems and email and instant messaging systems. The software was set up to protect sensitive data as it travels back and forth. This weakness allows access and theft of the information, which includes the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the server, users and can impersonate services and users.
OpenSSL is the secure system by which your computer and the system it’s contacting identify each other. It transfers your secure data from A to B without anyone intercepting this communication. Without your knowledge, the Heartbleed Bug enables the interception of the data transfer.
We will be contacting customers to recommend passwords changes. If you have any questions, please contact us.