The first question you may be asking yourself is “What exactly is the Heartbleed bug?” The following quote comes directly from heartbleed.com:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.”
Learn more about the Heartbleed Vulnerability at heartbleed.com.
The second question you’re likely asking yourself is whether FatCow was affected. We want to assure you that the security of our customers is a top priority. We began addressing the Heartbleed vulnerability immediately upon disclosure and have successfully applied patches to all of our platforms. The likelihood that private information was compromised is very minimal due to the lack of a public exploit at the time of the disclosure. We will continue to work to protect the security of our customers and their data.
Learn if your site is vulnerable by going to heartbleedcheck.com.
Q: Is my server vulnerable?
A: There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. At this time, our servers are not vulnerable and information is secure.
Q: Has FatCow replaced its own SSLs?
A: Yes, upon the disclosure of the vulnerability we immediately reached out to our SSL providers and began the process of having all of our internal and external SSLs reissued.
Q: Should I replace my SSLs?
A: That is a personal choice. If you feel it’s worth the time, or if you are dealing with sensitive data, then it’s a good idea to have your certificate reissued. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure. However, if you do decide you would like to reissue, we will be happy to assist.
Q: Was my security or privacy compromised?
A: There was a period when anyone relying on OpenSSL was vulnerable. Upon disclosure of the vulnerability, we immediately patched our entire platform. The likelihood that your private keys were compromised is very minimal due to the lack of a public exploit at the time of the disclosure.
Q: Should I change all of my passwords because of the Heartbleed exploit?
A: Changing your passwords periodically, using strong passwords and keeping your passwords secure are things that we always recommend. While we can’t say for sure what the extent of the potential impact of this Heartbleed exploit may be, we always feel that it’s a good idea to exercise best practices when it comes to password usage. If you haven’t changed your passwords recently (or even if you have), this is a great opportunity to do so, while you’re thinking about it.