As many of you are probably aware, a bug was recently discovered in the OpenSSL software used by roughly 2/3 of the sites on the Internet for SSL encryption. This is known as the Heartbleed bug. You are likely wondering if your site hosted by Smart Solutions is affected by this problem. That answer depends on the type of site(s) you have with us. It is likely that you are not affected, but there are a few cases where it may be.
Sites that are not affected:
- Sites that do not use SSL (encryption);
- Site that use SSL for a secure Pixelsilk form (donations, etc..);
- Site that use SSL for a secure Impact form;
- BV Commerce stores that use SSL.
Sites that may have been affected:
- Magento or WordPress sites that use SSL;
- Custom sites hosted on a Linux server using SSL.
The above had software versions that included the Heartbleed bug. We have already taken the necessary steps to patch the problem and the site is no longer susceptible to the Heartbleed bug.
What should you do about your site?
While there is not yet a way to determine if the bug was exploited, the likelihood is small. However, to be on the safe side, you should immediately change any passwords that you used to log on to the administration area of the site if it is in the affected list above.
What should you do personally?
You should immediately change your passwords on any of your social media, email or other sites that were affected by the Heartbleed bug. A list of known sites can be found at Mashable. As a safety precaution, you should also change the affected password that you used on unaffected sites.
Password Best Practices
In general, you should use unique passwords for each site to avoid one password compromising all of your accounts. We know this puts more of a burden on you to track those passwords; however it is the best way to stay safe. If you do not want to do that, please at least follow that advice for any sensitive sites such as banks, email, etc..
It is also recommended that you change your passwords on any sensitive sites at least once per year. This is simply a precaution but can save you a lot of headaches if there is a compromise.
In closing, if you have any questions about the your site or you do not know which category your site falls into from the above list, please do not hesitate to contact us at firstname.lastname@example.org or via telephone at 541-388-4298.