Select Plan

Blog Post

Heartbleed Security Alert

A major security flaw in a server application that runs on most of the world's web servers means it's time to change your website passwords.

Apr.9.2014 / Release / 2 Comments

A major security flaw in a server application that runs on most of the world's web servers was discovered by the security team at Google on Monday.  Called the Heartbleed bug, this security vulnerability affects many websites (including liveSite websites) that use Secure Socket Layer (SSL Certificate) to encrypt their communications.

  

This only affects sites that display a "lock" when accessed.

The Heartbleed bug allows skilled hackers to see small portions of the data transmitted between your website your site visitors which would normally be encrypted. User logins are small pieces of data, making them particularly susceptible to compromise.

What should you do right now?

If your liveSite website is accessed via secure mode (https://) then we STRONGLY recommend that you change any website user passwords. This is especially true if you have a User Role of Administrator, Designer, or Manager within your liveSite.

You should also change any website passwords you may have with other sites you frequent (online banking sites, social networking sites, etc). Yeah, it's that big of a problem.

If you are hosting with us, you are not vulnerable anymore.

It is important to understand that this is not a bug in liveSite, so there is no need to update your liveSite software. It is a bug within your web host's server.  Since Camelback hosts thousands of websites, we have already updated our servers so if you are hosting with us, you are no longer vulnerable. Not all our servers were vulnerable, but we are not releasing that information for security purposes. However, since you may have been vulnerable, we still STRONGLY RECOMMEND that you change your liveSite passwords as soon as possible. We have not had any incidents of security breaches reported, but that is not a reason to take this security threat lightly.

If you are hosting your liveSite elsewhere, you need to contact your web host.

First, enter your domain name into this site (http://filippo.io/Heartbleed/) to find out if your SSL-enabled website is vulnerable. If you site is vulnerable, contact your web host and ask them to fix your web server immediately. Remember to change any user passwords only after it is resolved.

We take all security threats seriously here at Camelback, and this one is a big issue for many of the sites we all frequent, so we join you in your frustration as we all change our passwords together.

Thank you,
Camelback Web Architects
simply innovative.


 
2 Comments
Added by banderton ELITE

For sites hosted with Camelback, were existing SSL certs revoked and re-keyed as a precaution?
Added by Camelback Web Architects STAFF

Yes, new SSL certs where issued and old ones revoked.
Add Comment:
Please login or register to add your comment or get notified when a comment is added.

Building custom website solutions for organizations of all sizes for over 20 years.