Heartbleed: How to Protect Your Ecommerce Site


The Heartbleed bug has been the topic du jour of internet security lately. In fact, no internet security issue has been as widely touted by the media since the Y2K threat. However, unlike Y2K, Heartbleed has the capacity to compromise information and send your ecommerce website into a tailspin. If you are not familiar with the implications the Heartbleed bug has for your ecommerce venture, here is some important information you should know in order to secure your business and the information of your customers.

What exactly is the Heartbleed bug?

The Heartbleed bug is not a typical virus. In fact, it is not a virus at all but a coding flaw in versions 1.0.1 of OpenSSL, the open-source encryption protocol used by most websites. This flaw allows hackers to eavesdrop on login attempts and walk away with encrypted data like long-term server private keys, passwords, TLS session keys, and session ticket keys.

What information is at risk with the Heartbleed bug?

If you run an ecommerce website, your customers' sensitive data, such as credit card numbers, is at risk. Even if your online business adheres strictly to the Payment Card Industry Data Security Standard and takes every other precaution to ensure the privacy of its customers, Heartbleed can still find a way to compromise the information.

What is the best course of action for Heartbleed protection?

In addition to following regular security procedures and strategies for your site, the best course of action to take with Heartbleed is to change all business passwords, especially those related to banking. The next step to take is to contact your server to make sure it was not running a vulnerable version of OpenSSL. If your server did not patch or update the vulnerabilities in OpenSSL before Heartbleed took effect, it is a good idea to revoke and replace SSL certificates once the server takes all of the necessary precautions to fix the issue.
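One way to carry out the version check described above, as an added example that is not part of the original article: a small shell function that classifies the text printed by `openssl version -a`. It goes beyond the article's "versions 1.0.1" by using the upstream range (1.0.1 through 1.0.1f, plus 1.0.2-beta1, fixed in 1.0.1g); the function names, status labels and sample outputs are this example's own.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output for Heartbleed exposure.
# Upstream releases 1.0.1 through 1.0.1f (and 1.0.2-beta1) carry the flaw;
# 1.0.1g fixed it. Function and status names are hypothetical.

heartbleed_status() {
    info=$1
    # First line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    ver=$(printf '%s\n' "$info" | awk 'NR==1 && $1=="OpenSSL" {print $2}')
    [ -n "$ver" ] || { echo unknown; return 0; }
    case $ver in
        # In-range versions, with or without a vendor suffix such as "-fips".
        1.0.1|1.0.1[a-f]|1.0.1-*|1.0.1[a-f]-*|1.0.2-beta1*) ;;
        *) echo not-affected; return 0 ;;
    esac
    # A build with -DOPENSSL_NO_HEARTBEATS has the heartbeat code compiled out.
    case $info in
        *-DOPENSSL_NO_HEARTBEATS*) echo heartbeat-disabled; return 0 ;;
    esac
    # Distributions backported the fix without changing the version letter,
    # so an in-range version still needs the vendor's advisory to settle it.
    echo check-vendor-patch
}

# Build timestamp, useful when comparing against the vendor's patch date.
built_on() {
    printf '%s\n' "$1" | sed -n 's/^built on: *//p'
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_INRANGE='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Mon Feb 11 16:20:00 UTC 2013
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O3 -Wall'
SAMPLE_NOHB='OpenSSL 1.0.1f 6 Jan 2014
built on: Tue Apr  8 09:00:00 UTC 2014
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_NO_HEARTBEATS -O3 -Wall'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
built on: Tue Apr  8 12:00:00 UTC 2014'

for s in "$SAMPLE_INRANGE" "$SAMPLE_NOHB" "$SAMPLE_FIXED"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$s" | head -n 1)" "$(heartbleed_status "$s")"
done
# On a live host: heartbleed_status "$(openssl version -a)"
```

The `openssl` command reports the library it was built against, which may differ from the copy the web server has loaded, and services keep using the old library until they are restarted after an upgrade.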

Can Heartbleed hijack a mobile device?

Heartbleed is not capable of hijacking a mobile device and taking over the controls of the smartphone or tablet. The big issue concerning Heartbleed is the data stored in the memory of the smartphone, but most devices already secured their operating systems before the bug hit.

Is it still safe for customers to shop online?

Because of all of the media attention Heartbleed received and the preemptive defense most ecommerce sites took, it should be safe for customers to shop online. However, if a customer is not sure about the safety of an ecommerce site, the Chromebleed Checker extension for Google Chrome is an excellent tool for finding out if a website was compromised by the bug.
