As an online marketeer, I wanted to update you about the response regarding the recently announced CVE-2014-0160 vulnerability, also known as the “Heartbleed” OpenSSL bug. Given its potential impact, I wanted to ensure you understood the potential implications for you and your commerce solutions.
First, What Is the Heartbleed OpenSSL Bug?
At a high level, the “Heartbleed” issue is a vulnerability that exposes secure information from your servers to those who know how to exploit it.
At a more technical level, “Heartbleed” is a security vulnerability that exploits a programming bug in the OpenSSL library that makes the remote process (a web server, for instance) leak a random block of memory. By repeating the malformed call, attackers could search for data patterns that would reveal sensitive information (passwords, credit cards, even private keys for the SSL certificates). Since this bug has been present in all the OpenSSL releases between March 14th 2012 and April 7th 2014 (versions 1.0.1 to 1.0.1g), a potential attacker who was aware of the bug could have extracted sensitive data during this time from affected servers.
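The programming bug described above is a missing length check, shown here as an added example that is not code from this notice or from OpenSSL: a heartbeat handler must compare the payload length the peer claims with the bytes that actually arrived before echoing anything back. The message layout follows RFC 6520; the function and constant names are hypothetical and the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 6520 heartbeat message:
 *   type (1) | payload_length (2, big-endian) | payload | padding (>= 16) */
#define HB_REQUEST     1u
#define HB_HEADER_LEN  3u
#define HB_MIN_PADDING 16u

enum hb_verdict { HB_OK = 0, HB_TRUNCATED = -1, HB_NOT_REQUEST = -2, HB_LENGTH_MISMATCH = -3 };

/* Decide whether a received heartbeat request may be answered.
 * msg/msg_len are the bytes that really arrived in the record (hypothetical API). */
enum hb_verdict hb_check_request(const uint8_t *msg, size_t msg_len, size_t *payload_len)
{
    /* Too short to hold even an empty payload plus minimum padding. */
    if (msg == NULL || msg_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TRUNCATED;
    if (msg[0] != HB_REQUEST)
        return HB_NOT_REQUEST;

    size_t claimed = ((size_t)msg[1] << 8) | msg[2];

    /* The check whose absence caused the leak: the claimed payload must fit
     * inside what was received. Without it, the reply copies `claimed` bytes
     * starting at the payload and runs into adjacent process memory. */
    if (claimed > msg_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_LENGTH_MISMATCH;   /* discard silently, send no reply */

    if (payload_len != NULL)
        *payload_len = claimed;
    return HB_OK;
}

int main(void)
{
    /* Constructed samples: an honest 4-byte payload, and a message that
     * claims 16384 payload bytes while carrying none. */
    const uint8_t honest[23] = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    const uint8_t lying[19]  = {1, 0x40, 0x00};
    size_t n = 0;

    printf("honest: %d\n", hb_check_request(honest, sizeof honest, &n));
    printf("lying:  %d\n", hb_check_request(lying, sizeof lying, &n));
    return 0;
}
```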
What Did the Internet Community Do to Protect You?
As soon as the security bulletin broke, the responsible parties in the community re-checked all our external-facing SSL-secured services against this vulnerability. None of the services related to payment processing were found to be susceptible to this bug. We had not set any of these up in a way that exposed this vulnerability. This means neither the private keys nor other sensitive information were leaked at any point in time due to this vulnerability – even to potential attackers who had knowledge of the “Heartbleed” exploit before it was disclosed on April 7th, 2014. Rest assured that our security team continues to work hard to keep your data secure.
What Should You Do About Heartbleed?
Changing your login passwords for your Hosting Control Panels or API communication is not necessary, but we do recommend you take this time to change your password, as well as to change your passwords regularly to minimize the attack window for similar issues in the future.
In addition, we recommend you have your operations team review your total commerce solution and other server setups to ensure that all sensitive materials potentially compromised are properly protected with updated setups. If you have SSL-secured services of your own, you should investigate if you had this bug at any point and consider updating keys and passwords.
More details on the Heartbleed Vulnerability can be found on the dedicated website: http://heartbleed.com/.
Be strong and have a nice time