Heartbleed Bug: What it is and what to do

If you haven’t heard of the Heartbleed Bug by now, let us be your welcome wagon. In summary, and in the words of one of our developers:

“[The Heartbleed Bug] pertains to OpenSSL, which is a component that helps power, for our purposes, the cryptography that enables SSL (https). The bug enables hackers to read the memory of affected systems, basically allowing them to listen in on encrypted traffic that should only be readable by the end user and the server with the certificate.”

Vox.com goes into thorough detail about the Heartbleed Bug and what it all means, and Mashable provides a nice, at-a-glance table of which social networks, banking, government and other websites are recommending you change your passwords.

What does this mean for Cascade and our clients?
Alarms about the Heartbleed Bug started sounding in tech circles on Monday. Cascade servers were immediately reconfigured to work around the bug, patched minutes after the updated software was made available, and confirmed to be safe by Tuesday at 12:00 Noon, PST.

We are confident we’ve taken all necessary precautions regarding the Heartbleed Bug at this time. As a service to our clients, we always watch our servers closely and continuously provide security updates.

What if I don’t know if my site is affected and I need to call you guys?
While your company’s website is likely not directly affected, your other online accounts could be. If you used a password on a site that this bug was successfully exploited against and reused that same password for your website’s administration area, your site could be at risk.

One problem is that while we’ve all seen the impressive list of sites that were affected by this bug, information is scarce on which sites, if any, have actually been compromised using it. Cascade is advising clients who reach out to us to err on the safe side. It’s always a good idea to use different passwords for different sites and change them on a regular basis. Now’s as good a time as any to start practicing good password hygiene if you’re not already.