By now you’ve likely heard of the serious vulnerability affecting a large portion of websites that use SSL/TLS encryption. The Heartbleed bug makes it possible for anyone to steal secure information without leaving a trace of intrusion – a fact that makes it almost impossible to know if your site has been compromised in the past.
While larger sites are already proactively responding to the challenge, smaller companies will also need to take steps to ensure that their site is secured.
How to Tell if Your Site is Vulnerable
To clarify, Heartbleed only affects sites whose SSL/TLS encryption is provided by OpenSSL. If your server uses a different SSL/TLS implementation, your website should not be affected.
However, since the vulnerability is server-side, a lot rests on your web hosting provider. You can check your website’s server with the Heartbleed testing tool created by Filippo Valsorda (linked under Resources) to see if your site is using the vulnerable version of OpenSSL.
You can also directly contact your web host and find out the status of your server. At the time of this writing, GoDaddy, HostGator, Yahoo and most other major hosting companies are in the process of patching all vulnerable servers.
If you have a VPS or are otherwise in charge of managing your own server configuration, you will need to have your IT department check for the vulnerability and patch as required.
How to Stop Heartbleed
If your web server is affected, patching to the latest version of OpenSSL is the first step to minimizing the impact. However, patching does not protect anything that may already have been stolen, so you will also need to change your passwords in order to prevent unauthorized access in the future.
As an added security step, require users with administrative access to change their passwords as well.
If you run an ecommerce site, letting your customers know exactly what steps you’ve taken to secure your site and protect their information will go a long way towards improving consumer trust and retaining customers.
Resources
- Heartbleed overview: http://heartbleed.com/
- Heartbleed testing tool: http://filippo.io/Heartbleed/