Will the Heartbleed security bug affect security on your site?
When you’re a website design & development company you quickly learn that, when it comes to the Internet, you have to be ready for anything and everything. Such was the case when the Heartbleed security bug was discovered last week.
Why is it called Heartbleed? One can only imagine it’s because the bug compromises the secret keys that IDs service providers, their content and the names and passwords of the people who go to the infected site. The bleeding part comes when the bug bleeds you dry of passwords, sensitive information, emails and anything else the hacker think might be interesting or useful.
Once discovered, website design & development companies around the world furiously began patching code and urging users to change passwords. At Kirk website design & development we did the same for clients whose sites had code in HTTPS (the only code that Heartbleed affects).
After doing a check of the 1,000 top ranked websites (according to traffic), Secura Security announced that all were patched. However, Secura that about 20 thousand website were still effected by this digital version of angina. According to Websense, which scanned 50,000 websites, 800 were still vulnerable to Heartbleed.
So how do you keep from falling prey to Heartbleed after you’ve changed all your passwords? If you have doubts about any site where you enter a password, go to Lastpass.com/heartbleed and type in the URL of that site. LastPass will tell you if Heartbleed is still attached to the site. For Android phones there’s an app called Heartbleed Security Scanner that can tell when a site is infected. IOS devices, according to Apple, are unaffected by the bug.
Once you’ve confirmed that the site is free of digital heart disease, change your password that uses numbers, upper and lower case letters and symbols. According to readwrite.com, it’s probably not a wise move to change a password until you can confirm that the site is fixed, since now that Heartbleed is public, your password change could possibly be taken advantage of. Most website design & development companies agree with this assessment.
It’s estimated that with so many sites infected with Heartbleed, it is likely to take years for the problems to completely disappear.
As a website design & development company, we at Kirk know that security bugs like Heartbleed will come along from time to time. It’s our job to take quick action to protect our client’s sites once one of these bugs is found out.