Apr 17

The Heartbleed Bug

Posted by BMT Micro


There has been a lot of talk over the past week or so around the Heartbleed bug. Heartbleed is a security vulnerability that was recently discovered in the heartbeat extension of OpenSSL. The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of message transmission on the Internet.


Rest assured, the heartbeat extension was never installed on our servers. BMT Micro only installs/utilizes features that are necessary for the secure function of our proprietary ecommerce system.

Although our servers were not affected, we are continuing to monitor the Heartbleed bug situation.

The Heartbleed bug is not malware or a computer virus. It is a vulnerability caused by a simple programming error, a true bug in the program. It is not known to have been exploited by any hackers prior to the error being discovered by a Finnish security firm.

Here is a comic by XKCD that explains the bug well:

http://xkcd.com/1354/

As with many vulnerabilities, the danger comes after the bug is exposed. Now hackers have a new toy to play with. Although changing passwords on vulnerable servers is good advice, if the servers have not been fixed yet, the hackers will get your new passwords soon. There is a site, https://ssltools.thawte.com/checker/views/certCheck.jsp, that will check a site's security certificate and let you know if that secure site is vulnerable to the Heartbleed bug.

After new vulnerabilities came to light on Friday the 11th, many sites are expected to revoke their security certificates and have new ones issued. Since many browsers retrieve a list of revoked certificates while verifying the certificate being presented, some customers may experience display delays.

If any new, pertinent information comes to light we will make sure to update our Blog and Facebook page, so feel free to continue to check back in!
