Heartbleed Bug Simple Q & A

By now you have probably seen the news about a recent security exploit affecting many sites that use the “s” in the https URL. There’s a lot of doom and gloom in the media, so I wanted to help break down what’s going on and how it might affect you and your business. We are currently in the process of building a plan to change all passwords on nxtConcepts client websites and social networks, and to notify you of other places where you should change old passwords. We know this is a PAIN, but it is REALLY important to give this the attention it needs.

1. Does this Heartbleed bug personally affect me?

The simple answer is yes. If you have ever created a user/pass combination on a site that used SSL technology, chances are someone may have access to your information. Also, if you have ever used the SAME password for multiple accounts, you are most likely affected. Here’s a quick list of sites affected:

Facebook, Pinterest, Tumblr, Yahoo, GoDaddy, Intuit (QuickBooks), Dropbox, and Google (search, email, YouTube, Wallet, Play, and Apps)

For a full list go here:

http://mashable.com

Note: on the positive side, banks, government agencies, PayPal, and Target were not affected.

2. Does this Heartbleed bug affect my company website?

Maybe. If you have an ecommerce cart using SSL, you will need to check with your hosting company and/or wherever you purchased your SSL certificate to see if they have completed the patches.

3. If you use Bluehost.com, then the patches were made as soon as they were identified, and the SSL security keys were reissued. According to Bluehost, the duration was very short, so they have not seen an issue with this bug so far. Here’s a link to more detailed info from them:

http://www.bluehost.com/blog/uncategorized/bluehost-update-heartbleed-bug-need-know-3298/

4. How can I check an https website to see if it is affected or not?

Go here: http://heartbleedcheck.com/

5. Where do we go from here?

We have a list of all the websites and social networks that we work with you on.  So, we can go ahead and start changing those passwords and then send you an updated list of accounts and passwords.

As for your website, we recommend having everyone change their passwords, just to head off future issues.

Joomla sites (2.5 & 3.0) and WordPress: we can install a small piece of software to force a password change the next time someone logs into the site. I recommend this, but we will not add it until you give us the OK.

Other sites we manage – please contact me directly for options.