Reason8 Security Update - The Heartbleed Bug
You may have heard talks in the media about a security breach affecting the Internet called Heartbleed.
What is Heartbleed?
In simplistic terms the breach occurred within the software on a website database which deals with encryption. Encryption is essential to the running of the internet as it allows our sensitive data to be scrambled to keep it secure. It is responsible for keeping our passwords, and personal information such as our addresses safe from those we don’t want to have access to it. It’s constantly working in the background of most of the sites we visit without our ever noticing it.
Google working with a company called Codenomicon discovered the flaw ‘known as a bug’ in a piece of software that encrypts our information. This software, called OpenSSL is used in some form on around 66% of all websites on the Internet. If a hacker where to know about the bug then they could use it to target specific sites and extract sensitive data from their databases. The problem with the bug is that if someone has accessed the information then it leaves no trace so there is no way of knowing whether a sites information was compromised.
What is the Solution?
Most big websites including Reason8 were aware of the bug before it hit the media. The solution is very easy and Reason8 were able to fix the problem very quickly. Therefore there isn’t currently a threat from Heartbleed to any of our client’s websites or their accounts.
At Reason8 we keep very little information on our clients and much of that information, such as addresses is already displayed on their websites. In addition to comply with security laws we do not retain any financial information for any of our clients. This is handled directly with the banks who then forward payments onto us.
What steps can you take?
We therefore deem the risk to client’s from Reason8 as being minimal, if at all.
However general guidance from those investigation the bug has been that we should all consider changing the passwords to our online accounts. If you decide to take this action then you should also change the password for your Reason8 website.
If you would like a more complex explanation of the bug then you can visit the dedicated website at www.heartbleed.com