Apr 09 2014

No Ebeacon Sites Affected by Heartbleed – Security Still a Concern

If you’ve been online this week, you will have heard about the Heartbleed bug—a serious vulnerability in the OpenSSL cryptographic software library that allows attackers to steal data from services and users, and eavesdrop on communications.

Fortunately, all the sites we’ve developed here at Ebeacon did not use the version of OpenSSL that contained the erroneous “Heartbleed” code. We weren’t vulnerable. We will continue to patch our servers with all the latest updates, but we want to reassure our clients that we’re in good shape as far as the server, security, and Heartbleed are concerned.

Of course, if your users have used the same password on your Ebeacon-hosted site that they used elsewhere, and that password was compromised via Heartbleed, then their account may be vulnerable. This is the danger of password re-use across multiple sites. We recommend all users change their passwords. To be effective, however, the password changes must occur after Heartbleed vulnerabilities are patched, so we’re suggesting users wait a week. Otherwise new passwords can be compromised by the same problems.

If you have any concerns about the Heartbleed bug and how it might affect your site, please contact us.