What is the Heartbleed bug?
The heartbleed bug is a two-year old vulnerability in OpenSSL code, which is a widely used data encryption standard used to handle secure information. This vulnerability was only very recently unearthed and patched.
Who is affected?
Unfortunately, almost anyone who transmits information and signs up for accounts over the internet could include the bug. To determine if a site you visit is still vulnerable, you can visit http://filippo.io/Heartbleed/
What can be leaked?
Potentially, anything. What is worrisome about this bug is that the keys which are used to encrypt or translate your private information into an unreadable code can also be accessed. This means that passwords, addresses, and credit cards could theoretically be accessed.
What should I do as a site owner?
If you own a website, the first step is to check with your development team. They’ll be able to determine whether or not your SSL-enabled website was affected. If your site is managed by Farshore, we’ve got you taken care of— see below.
What has Farshore done about it?
All affected production servers have been updated with a new release of OpenSSL which patches the vulnerability. We will continue to monitor any updates, but this particular error has been patched completely.
