Heartbleed: how are you affected
This article was originally published on the Dolphin Worxs parent company site at http://www.dolphinworxs.com/blog/2014/04/14/heartbleed-are-you-affected/ in April 2014.
On April 7th 2014 , the news broke about a flaw in a technology called OpenSSL. OpenSSL is a widely used open source technology which underlies much of the security on the internet.
What happened at Dolphin HQ this week?
Your site is hosted on Amazon Web Services, when we became aware of Heartbleed this week, we immediately began work on identifying if there were any gaps in our security and if AWS (Amazon Web Services) was affected by Heartbleed. Amazon have provided patches to the services that are affected, and subsequent to these patches being installed, we have fully replaced all digital security certificates and recommend that if you have not changed your password since Sunday April 13th, that you do so as soon as possible.
You can find out how to change your password at this article on our help manual
So, tell me in English why I need to change my password?
There are several excellent articles which explain the origins of the Heartbleed bug, and it’s impact on the wider internet community, they are listed below with links. We’d like to explain it in a far more layman terms , and also provide one clarification, before misinformation becomes more prevalent.
Heartbleed is not a virus, it was not created by a hacker. In laymans terms, if you think of a row of houses in a suburb, and they all have the same brand of lock on the door; HeartBleed would be the fault in that brand of lock, that would randomly show the key to any house to to the people who happened to be looking at the lock at the time.
By saying that a particular site is ‘affected’ by HeartBleed, it means that the lock was faulty; it does not necessarily mean your accounts have already been hacked. This is why it’s so important for you to change your passwords on all the sites affected, because the longer you leave them, the more at risk you are.
If your password has been exposed, then even after the lock is repaired, your house is still vulnerable to the person who knows the key. It’s also critically important that you do not use the same password across multiple sites; because you will have essentially handed out a skeleton key for your house, your holiday cottage, your car, and your office.
Some of the more well known websites that have confirmed being affected are Facebook, Twitter and Dropbox. Locally in Australia, according to the Sydney Morning Herald, sites such as JB Hifi, Priceline and even the Commonwealth Courts website have been patched or are in the process of being patched.
Now, here’s that list of good articles about HeartBleed
We will add to this list as we come across good articles with excellent info, if you find something interesting or useful and think it should be listed, let us know.
HeartBleed Hit List: The passwords you should change now on mashable.com
Heartbleed Bug : what you need to know (FAQ) on cnet.com