Apr.9.2014 / Release / 2 Comments
A major security flaw in a server application that runs on most of the world's web servers was discovered by the security team at Google on Monday. Called the Heartbleed bug, this security vulnerability affects many websites (including liveSite websites) that use Secure Socket Layer (SSL Certificate) to encrypt their communications.
This only affects sites that display a "lock" when accessed.
The Heartbleed bug allows skilled hackers to see small portions of the data transmitted between your website your site visitors which would normally be encrypted. User logins are small pieces of data, making them particularly susceptible to compromise.
If your liveSite website is accessed via secure mode (https://) then we STRONGLY recommend that you change any website user passwords. This is especially true if you have a User Role of Administrator, Designer, or Manager within your liveSite.
You should also change any website passwords you may have with other sites you frequent (online banking sites, social networking sites, etc). Yeah, it's that big of a problem.
It is important to understand that this is not a bug in liveSite, so there is no need to update your liveSite software. It is a bug within your web host's server. Since Camelback hosts thousands of websites, we have already updated our servers so if you are hosting with us, you are no longer vulnerable. Not all our servers were vulnerable, but we are not releasing that information for security purposes. However, since you may have been vulnerable, we still STRONGLY RECOMMEND that you change your liveSite passwords as soon as possible. We have not had any incidents of security breaches reported, but that is not a reason to take this security threat lightly.
First, enter your domain name into this site (http://filippo.io/Heartbleed/) to find out if your SSL-enabled website is vulnerable. If you site is vulnerable, contact your web host and ask them to fix your web server immediately. Remember to change any user passwords only after it is resolved.
We take all security threats seriously here at Camelback, and this one is a big issue for many of the sites we all frequent, so we join you in your frustration as we all change our passwords together.
Camelback Web Architects