I’ve always liked to imagine that James Bond is real. I find it comforting to think that there really are daring secret agents out there protecting the world from supervillains wielding doomsday weapons or trying to steal all the gold in a reserve bank. Reality is a lot less glamorous though. The worst things affecting people’s lives this month are civil wars and antibiotic-resistant bacteria: terrible, but not really the stuff of blockbusters. The worst thing threatening our property is an internet server bug called Heartbleed.
Heartbleed is a scary name for a bug in something called OpenSSL, software used in a lot of internet servers to help them use the SSL and TLS encryption protocols. It gets its name from the specific feature affected: a digital “heartbeat”. It was introduced back in December 2011, but wasn’t discovered, and patched, until this week. It’s not certain that anybody knew about it during this time, but if this knowledge was in the wrong hands, whoever held it had the keys to a lot of private data. Heartbleed would have allowed an attacker to learn the secret keys securing affected servers and intercept information that should have been secure. This is a big deal because the affected software was installed on the majority of servers running the internet, including those owned by companies that handle e-commerce and e-mail service.
Affected companies are scrambling to patch their software, change their private keys, and control the fallout. PureNyx is breathing a sigh of relief.
We started using SSL last year and now host e-commerce sites, but our clients were never vulnerable to Heartbleed. I’d like to say that I’m somehow directly responsible. I even have a great story involving a hang-glider and an exploding shark. Unfortunately, the truth is pretty boring. We chose our technology partners well and our hosting service never used the affected TLS extension. Many services had it active without needing it; we prefer to batten down the hatches better than that.
As always, we stay on top of issues that affect your sites. We were testing and looking for answers as soon as Heartbleed became public knowledge. This time, we didn’t have much to do.
If you have any questions about Heartbleed, or about the security of your site, please feel free to contact us. We want you to know your information is safe when you work with PureNyx.