Heartbleed Vulnerability and Our Clients

Posted on Thu Apr 10th, 2014 at 9:40 am

Heartbleed - Are You Affected?website-design-and-development

First, you may be interested in understanding what this vulnerability is. You can see the website http://heartbleed.com for more details. It's a serious vulnerability that has affected millions of websites, servers, cloud infrastructure and more all over the world.


We were first alerted to it yesterday (April 9, 2014). Since that time, we have verified the following:

  • Our clients hosted on Windows servers (IIS) are NOT affected
  • Our clients hosted on TechAnalysts' leased Linux servers are NOT affected
  • We have tested most of our clients' sites to verify that these sites are not affected. We still have a few left to go, but everyone that we have checked so far is good to go.

Only clients with SSL need to verify - many of our clients do not have SSL as these sites are not collecting user information. For those of you with SSL (mainly E-commerce sites or membership oriented sites), we are testing to ensure you are ok, but if you'd like to check yourself, you can go to the following site: http://filippo.io/Heartbleed


You can rest assured about your website - TechAnalysts is taking any and all steps necessary to ensure our clients' websites are protected.


However, you still may need to take proactive steps with other sites that are NOT hosted by TechAnalysts, such as your Yahoo Mail, Google, Gmail, Facebook, etc. sites that you use on a daily basis. While all of these companies are patching their servers as quickly as possible, you still may have been victim to important information leaking even though you were logging into a "secure" website.


But, don't rush out and change all of your passwords just yet - wait until you know that a particular server has been patched before changing your password there, especially if you tend to use the same password elsewhere. Otherwise, if you change your password on a unprotected site, you may still be giving over important information to "prying eyes".


You can use the vulnerability testing site listed above if you are unsure if a particular site has been patched.


As always, your security is of utmost importance to us. We will continue to monitor to make sure you are not suseptible to this vulnerability.


<<-- Back to Technically Speaking - Our Blog  Email to a friend