Check Your Heartbeat
The Internet has been abuzz the past few days over Heartbleed, a major security flaw in the widely used OpenSSL security library, which is utilized by web servers across the Internet and has potentially exposed many internet users. What exactly is Heartbleed, and how can you know if your site is secure?
Bleeding your site's heartbeat
The Heartbleed bug gets its name from the "heartbeat" data transmission that happens during a secure connection between a user's computer and a secure web server. When a user's computer is connecting with a secure server, random bits of data are exchanged between them so each end knows that the other is still active. This "heartbeat" is there so that if something goes wrong in the transaction, it can be aborted; it's actually meant as a safety feature. Unfortunately, due to a small mistake in the OpenSSL code, it's possible for malicious users to tap into the "heartbeat" and get the server to hand back chunks of its memory, which can include data sent by users. This leaked data may be completely useless, or it may contain sensitive information, such as banking log-ins. If you'd like a more detailed explanation of exactly how this happens, check out this helpful article from Gizmodo on how Heartbleed works.
How do I know if my site is affected?
This bug affected many websites, even such web giants as Google and Yahoo. HEROweb has already evaluated its servers and patched any vulnerabilities. If you want to make sure that your site's secure connection is correctly updated and not exposed to the Heartbleed bug, you can do the following:
- Retrieve your website's secure URL by starting an order on your site, proceeding to the checkout page, and copying the URL of the checkout page. (It should start with https://.)
- Go to http://filippo.io/Heartbleed/. This is a free site that has a diagnostic test for secure servers.
- Paste your site's URL and see the results displayed on the page.
HEROweb customers should find that their websites are secure. If, however, you find a problem, contact HEROweb or your web provider immediately.