
Not a Drill, Change All Your Passwords!!!

Friday April 11, 2014


Some of you may have heard of a very serious security bug that has surfaced within the last few days. It's called “Heartbleed”, and it is a software bug that allows attackers to eavesdrop on communications, steal data directly from affected services, and impersonate affected users.

First off, to our clients: none of our (Pure Logic) servers were affected by this bug. So if you have your website hosted with us, you don't have to worry about your websites being affected.

That said, we strongly recommend that you reset your passwords for all of the personal and business online services you use. Some of the big websites that were affected were Yahoo, Facebook, Gmail, Tumblr, Dropbox and MANY more. For a partial list, visit http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

One of the biggest security risks for you is if you use the same password for multiple accounts. There is a chance that your username / password could have been compromised from a website that was affected and if you use the same username and password for other services, it doesn’t take long for a hacker to start trying other sites / services with the same credentials.

What do I do?

So, it is VERY important to take the time now and create a good password process for yourselves. I highly recommend doing the following:

  1. Get yourself a password manager to keep track of all your new (unique) passwords. There are many free ones available for your phones or desktops.
  2. Change your password for your email accounts first. Make sure this password is unique and not used anywhere else.
  3. Change your password on other major sites like Facebook, Yahoo, Gmail, Dropbox, Bank Accounts, etc. Again, try to use unique passwords for each service. Try using variations on a core password (see Password Tips below).
  4. Now the tricky part is that some of the “smaller” websites / online services may not have fixed the bug yet, so changing the password on these sites is pointless and could actually be worse (because they might be able to see you changing your password). So for some of these smaller sites, before logging in, check the website first and see if they have any security updates/messages. Many websites are either posting updates on their site or emailing out updates indicating their status. If the website has indicated that they either fixed it or were not affected, then go ahead and change the password. If you are not sure and there are no messages, you might want to hold out. Or perhaps just google the site / company name with “affected by heartbleed”; you will probably find your answer. Of course, you could just contact the company to get their response.
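The ordering in steps 2 to 4 can be written down as a small planner. This is an added example, not part of the original post: the account names, categories, statuses and passwords are constructed sample data, and applying the "hold" rule from step 4 to any account whose status is unknown is an assumption of the example.

```python
from collections import defaultdict

# Constructed sample data: (account, category, Heartbleed status, password).
# Status is what the site itself has announced: "fixed", "not_affected" or "unknown".
ACCOUNTS = [
    ("forum.example", "other", "unknown", "constructed-pw-1"),
    ("bank.example", "major", "not_affected", "constructed-pw-2"),
    ("mail.example", "email", "fixed", "constructed-pw-1"),
    ("social.example", "major", "fixed", "constructed-pw-1"),
    ("shop.example", "other", "fixed", "constructed-pw-3"),
]

PRIORITY = {"email": 0, "major": 1, "other": 2}  # steps 2, 3 and 4 of the list


def reused_accounts(accounts):
    """Return the names of accounts whose password is used on more than one site."""
    by_password = defaultdict(list)
    for name, _category, _status, password in accounts:
        by_password[password].append(name)
    return {n for names in by_password.values() if len(names) > 1 for n in names}


def rotation_plan(accounts):
    """Order accounts as the list recommends and decide change-now vs. hold."""
    reused = reused_accounts(accounts)
    plan = []
    for name, category, status, _password in accounts:
        # Step 4: a new password sent to a still-vulnerable site can be seen too.
        action = "change" if status in ("fixed", "not_affected") else "hold"
        plan.append((PRIORITY[category], action == "hold", name, action, name in reused))
    # Email first, then major sites, then the rest; held accounts last in each group.
    plan.sort()
    return [(name, action, is_reused) for _p, _h, name, action, is_reused in plan]


if __name__ == "__main__":
    for name, action, is_reused in rotation_plan(ACCOUNTS):
        note = " (password reused elsewhere, pick a unique one)" if is_reused else ""
        print(f"{action:6} {name}{note}")
```

In the sample data the held forum account shares its password with the email and social accounts, which is why those two need new, unique passwords first.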

Password Tips

Check this page posted by WordPress for some good advice on how to choose a new password: http://en.support.wordpress.com/selecting-a-strong-password/

Summary

In summary, our servers were not affected by the bug; however, it is important to reset your passwords just in case they were compromised on another website.

Also, you may want to share this information with your friends and family because it literally affects everyone who uses the internet.

If you're interested in the full details, you can check this page out: http://heartbleed.com


