You may have heard about a recently discovered vulnerability – the Heartbleed Bug. It’s a flaw in a package called OpenSSL which runs on millions of web and email servers, including our own.
The bug was discovered by Google Security and Finnish security company Codenomicon, and revealed on Monday.
Named “Heartbleed”, the bug exploits a flaw in an extension called Heartbeat and allows attackers to read encrypted data and take the encryption keys used to secure that data.
SSL – or Secure Sockets Layer – is the most common way of securing data transmitted to and received from websites, and is essential in protecting banking, online shopping and other services.
The problem is about as severe as it gets – it’s impossible to tell whether a site has already been compromised or data stolen in the two years that this bug has existed, and it could be said that servers affected by Heartbleed are more vulnerable than if they had no encryption at all.
Here at Baxter Media, we patched our servers as soon as a fix was available and we’ll be working through getting current SSL certificates reissued as soon as possible.
In the meantime, current advice suggests that rushing to change your passwords may not help at the moment and may even make things worse, as any servers that are still unpatched remain vulnerable. It is also possible to manually check websites for Heartbleed, but that is a rather cumbersome process.
We’ll post more advice here as more becomes clear, and if you need help choosing a strong password, why not head over to our secure password generator.
Read more at the BBC or Guardian.
photo credit: formalfallacy @ Dublin (Victor) via photopin cc