I don’t normally post things from my newsletter to the blog, but this one was too important to not post…
I’m talking about the HEARTBLEED BUG — that vulnerability in secure encryption that allows hackers to steal passwords and other sensitive information. I’ve heard of people receiving confusing information from other biz owners, from the news, from their server companies, and so on… so I wanted to help my tribe understand what this is and what they should be doing about it.
So here’s what you need to know right now about HEARTBLEED:
- This bug has been around for a while. It has only just been discovered, but it may have been causing problems for some time.
- If you use SSL on your site, you need to update. If you take credit card payments or use plugins like Gravity Forms that accept secure data (i.e., the URL begins with https), you need to update. There is a patch available to fix this problem. If you are doing managed WordPress hosting with me, I have already patched your site and secured it. If you are using another host, please contact your host immediately to ask them what needs to be done to your server to patch this.
- Many banks do not use this software. If your financial institution does not use the particular secure method with the issue, then you are fine and can continue business as usual with your bank.
- Many other sites do use this software. Facebook, Instagram, Tumblr and Pinterest have all been affected. You can see a list of many affected sites here.
- Not everyone has updated. If a site has been affected but has not patched its software, changing your password only makes it worse — hackers can steal the new password AND get access to the answers to the security questions you use to reset the password. To know if a server has been patched, you can use this tool at LastPass to check. If it has been patched, go ahead and make a new password now. If not, hold off. This list will also help you know who has been patched — if you have an account on one of the sites with a green check, change your password now.
- If you are making a new password, follow strong password rules. I know it’s a pain to have a different password for every site, but it really is the best way to keep you safe. If you need help remembering all those, use LastPass. The best passwords are generated randomly — try using this tool or this tool to generate a new strong password.
Questions? Feel free to ask below!
P.S. If you want to be notified when things like this come out, make sure you sign up for my list somewhere on this site!