Heartbleed

If you’ve seen the news lately, you’ve seen the mess that is Heartbleed.

This post is to let you know what it is, what we’ve done about it, and how it affects you.

What Is Heartbleed?

Heartbleed is a security vulnerability that was recently discovered in OpenSSL. OpenSSL enables SSL and TLS encryption, which governs HTTPS—the secure communications between your computer and the servers on the Internet. It is used by about 2/3 of the web servers in the world. This vulnerability was the result of a programming error (or bug) in several versions of OpenSSL. It’s NOT A VIRUS!

Heartbleed allowed potential access to a private key for an SSL certificate, as well as the encrypted communication itself. This basically means that any individual with the knowledge and skills required to exploit this vulnerability, had a window to grab user names, passwords, and any private information you may have accessed with practically any of your online services that utilize the affected versions of the OpenSSL toolkit.

What We’ve Done About It

Upon learning of this exploit, our engineers took immediate action by applying the proper updates to all of our affected servers and SSL Certificates.

We are confident that our actions have eliminated any further vulnerability associated with Content Shelf services.

How Heartbleed Affects You

At this time, we have no reason to believe any sensitive user information was accessed; however, out of an abundance of caution, we recommend that all users change their passwords at their earliest convenience.

Users can easily update their password by logging in to the user dashboard. And remember, it is unsafe to use the same username & passwords across multiple online services.

Again, out of an abundance of caution due to the sheer scope of this issue, we are recommending a password change for all users as soon as possible.

If you have any questions regarding Heartbleed, send us an email at help[at]contentshelf[dot]com.

To see if a site you use is affected, you can test using this site – http://filippo.io/Heartbleed/