Heartbleed SSL, what you should know, and what we are doing about it

If you have been watching the news lately, you may have heard of a widespread issue with the servers that host most of the world’s websites.  Heartbleed is a known exploit that has shown up in the OpenSSL cryptographic library. It is a major threat to security because it can allow hackers to gain access to highly sensitive information, including credit cards, usernames and passwords.

Why is it a problem

Unlike common exploits such as brute-force password attacks or incorrectly configured server settings, Heartbleed is, “a weakness in one feature of the OpenSSL software — the so called ‘heartbeat’ extension, which allows services to keep a secure connection open over an extended period of time — allows hackers to read and capture data that is stored in the memory of the system,” according to cybersecurity firm Codenomicon. Read More

Although this is a major security issue, just because a server is vulnerable does not mean that anything bad has happened.  Think of it like this:  if you leave your back door open when you are out of town, it does not mean that you have been robbed, just that someone could have come into your house.

What We Are Doing

TG is taking a proactive approach to dealing with the issues of Heartbleed.  At this point, we have zero evidence or indication that any of our customers’ sensitive data has been impacted.  We have reviewed each and every server we use to host client projects to ensure they are not running the vulnerable version of SSL that is impacted by Heartbleed.  Any servers with the vulnerable version have been updated to a new version, immune from Heartbleed attacks, and new versions of the SSL certificates have been created.  Customers with vulnerable versions have been contacted directly.  If you did not hear from us directly, you should have nothing to worry about it.

 

If you would like to check to see if your site, or a site you visit is vulnerable,  use this tool.