The Heartbleed Virus


So I said to Aaron, our tech guy, what’s the deal with this Heartbleed virus? He replied thus:

Heartbleed is a bug that came out a few weeks ago. The bug allows remote attackers to read 64k of memory of systems running the newest versions of OpenSSL which do not contain the fix. That means an attacker can read your server’s memory and steal usernames, passwords, the secret keys of your SSL/TLS encryption to crack secure communications and other sensitive information. I had a look into our sites and most of them don’t use HTTPS so we’re mostly okay. Even though we’re not sending or receiving any sensitive information, I ran security checks on the sites that do, reissued our SSL certificates and changed passwords.

So everyone clear on that?

No? OK, I’ll clarify. Heartbleed is after data: usernames, passwords, credit card numbers, that sort of thing. Most of you reading this, particularly our clients, don’t collect client data. So Heartbleed isn’t interested in you and you don’t need to do anything. It’s after sites like Mumsnet with lots of members. If you’re still worried and want a new password to the back end of your site, drop us a line and we’ll sort it out for you.

On a personal note, it’s possible that a site you might be a member of has been infected, and I would strongly recommend changing your passwords on personal email accounts and sites that you shop with, particularly if you use the same password for everything.