{"id":2057,"date":"2014-04-13T19:48:15","date_gmt":"2014-04-14T00:48:15","guid":{"rendered":"http:\/\/www.powrsurg.com\/blog\/?p=2057"},"modified":"2014-04-13T19:48:15","modified_gmt":"2014-04-14T00:48:15","slug":"heartbleed","status":"publish","type":"post","link":"https:\/\/www.powrsurg.com\/blog\/2014\/04\/13\/heartbleed\/","title":{"rendered":"Heartbleed Critical SSL Vulnerability"},"content":{"rendered":"<p>The critical SSL vulnerability called Heartbleed is in the news. Here we explain how it affects you.<\/p>\n<h2>What is Heartbleed?<\/h2>\n<p><a href=\"http:\/\/www.powrsurg.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-full wp-image-2058\" alt=\"Heartbleed SSL vulnerability.\" src=\"http:\/\/www.powrsurg.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png\" width=\"341\" height=\"413\" srcset=\"https:\/\/www.powrsurg.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed.png 341w, https:\/\/www.powrsurg.com\/blog\/wp-content\/uploads\/2014\/04\/heartbleed-247x300.png 247w\" sizes=\"auto, (max-width: 341px) 100vw, 341px\" \/><\/a>Heartbleed is the name of a critical bug recently found in OpenSSL. OpenSSL is the <a href=\"http:\/\/heartbleed.com\/\">most popular cryptographic software<\/a> in the world. This means that <a href=\"http:\/\/arstechnica.com\/security\/2014\/04\/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping\/\">two-thirds of the web was vulnerable<\/a>. Even worse is that they were vulnerable for about <a href=\"http:\/\/www.pcworld.com\/article\/2141602\/the-heartbleed-bug-and-you-a-users-guide.html\">two years<\/a>.<\/p>\n<p>Yes, this issue hit major sites. <a href=\"http:\/\/www.theinquirer.net\/inquirer\/news\/2338750\/openssl-security-bug-heartbleed-exposes-two-thirds-of-webservers-to-attack\">Google, Amazon, and Facebook<\/a> were vulnerable. 
<!--more-->Every major Linux vendor distributed versions of OpenSSL with this bug during that two-year period. All major websites have secured themselves. All major Linux vendors offer updated versions of OpenSSL.<\/p>\n<p>The Heartbleed bug allows anyone to alter the SSL certificates and decrypt the data. If someone recorded all secured traffic from a site they now have a method to decrypt it to see what happened.<\/p>\n<p>Fortunately, no evidence has yet suggested that this bug was ever exploited before its discovery. Unfortunately, this is not likely the case anymore.<\/p>\n<h2>What Sites are Vulnerable to Heartbleed?<\/h2>\n<p>A site is vulnerable to Heartbleed if it ran OpenSSL in the last two years and has not:<\/p>\n<ol>\n<li>Installed a new patch.<\/li>\n<li>Installed new SSL certificates.<\/li>\n<\/ol>\n<p>The first point addresses whether someone can use Heartbleed to breach a site&#8217;s security. You can use the excellent <a href=\"http:\/\/filippo.io\/Heartbleed\/\">scanner from Filippo<\/a> to see if a site is now vulnerable to Heartbleed.<\/p>\n<p>The second point addresses whether someone can breach the site now after having breached the site before. The <a href=\"https:\/\/lastpass.com\/heartbleed\/\">scanner from LastPass<\/a> will tell you if a site ran a web server that was vulnerable to Heartbleed and when it last installed a new SSL certificate. If the SSL certificate is more than 2-3 days old, the site is likely vulnerable. <strong>Please note:<\/strong> LastPass reports <strong>definitely<\/strong> whether a site was vulnerable. That does not mean the site is definitely vulnerable now.<\/p>\n<h2>What Should I do?<\/h2>\n<p>What you need to do depends on who you are.<\/p>\n<h3>Server Admins:<\/h3>\n<p>If you&#8217;re a server admin you need to update your version of OpenSSL. Additionally, if your server runs <a href=\"http:\/\/www.brandbuilderwebsites.com\/blog\/2014\/03\/20\/need-for-spdy\/\">SPDY<\/a> you must install the latest version of mod_spdy. 
A SPDY-enabled server with a fully patched version of OpenSSL is still exposed until you install the new version of mod_spdy.<\/p>\n<h3>Users:<\/h3>\n<p>Check any site you visit with the two scanners linked above. You are going to want to change your passwords on any vulnerable site. If a site was vulnerable, you need to wait until <strong>after<\/strong> a server admin installs a patch to keep your identity secured.<\/p>\n<p>It is not unreasonable to believe that any credit card used on the internet in the last two years is out there. You may want to have them cancelled.<\/p>\n<h2>What have we done?<\/h2>\n<p>We here at Brand Builder Websites have updated all of our web servers so that no sites are vulnerable to Heartbleed. We have also re-keyed all SSL certificates for sites that run SSL. We value security and acted quickly to protect our clients and any of our clients&#8217; clients.<\/p>\n<p>Please leave a comment or respond to us on social media or through email if you have any questions related to Heartbleed or your site&#8217;s security.<\/p>\n<p>This post was originally published as <a href=\"http:\/\/www.brandbuilderwebsites.com\/blog\/2014\/04\/10\/heartbleed\/\">Heartbleed Critical SSL Vulnerability<\/a> for <a href=\"http:\/\/www.brandbuilderwebsites.com\/\">Brand Builder Websites<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The critical SSL vulnerability called Heartbleed is in the news. Here we explain how it affects you. What is Heartbleed? Heartbleed is the name of a critical bug recently found in OpenSSL. OpenSSL is the most popular cryptographic software in the world. This means that two-thirds of the web was vulnerable. 
Even worse is that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,19],"tags":[188,186,187],"class_list":["post-2057","post","type-post","status-publish","format-standard","hentry","category-google-2","category-informative","tag-security","tag-spdy","tag-web-development"],"_links":{"self":[{"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/posts\/2057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/comments?post=2057"}],"version-history":[{"count":1,"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/posts\/2057\/revisions"}],"predecessor-version":[{"id":2059,"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/posts\/2057\/revisions\/2059"}],"wp:attachment":[{"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/media?parent=2057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/categories?post=2057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.powrsurg.com\/blog\/wp-json\/wp\/v2\/tags?post=2057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}