Heartbleed Virus :: what you need to know
Our customers have been contacting us with their concerns over this virus.
Here are some facts you need to know
1) this is a server side issue, your hosting company has to patch their server
2) it has existed for over 2 years, it is not new
3) no website virus scanner will detect it
4) this isn't simply an issue on your personal computer or your phone — it's in the software that powers the services you use.
5) simply changing your passwords will not help
6) the vulnerability leaves no trace
Here is the simple explaination of how it works.
It involves a flaw, a hole, a vulnerability in a server protocol called OpenSSL, the open-source encryption standard used by the majority of websites that need to transmit the data that users want to keep secure.
Your site certificate (SSL) keeps the information being transmitted secure by using something called, Encryption. Your SSL needs openSSL to work. Encryption makes the data being sent look like nonsense to anyone but the intended recipient. Occasionally, one computer might want to check that there's still a computer at the end of its secure connection, and it will send out what's known as a heartbeat, a small packet of data that asks for a response.
Because of a programming error in the implementation of OpenSSL, the researchers found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end into sending data stored in its memory.
This is about as simple as I can make it.
You need to call your hosting company and make sure your server is patched. Then change your passwords. Replace your site certificate if you can, they can be effected also.
There is a website with detailed information
One more importnant issue. The hosters are really going to push to upgrade their server software. Thus, now more then ever, if you dont upgrade your websites, they will go down as they are not compatible with newer server software. If you have not upgraded your websites, DO IT NOW. Better to have it done then to find out your site is suspended and your going to be off line for weeks as your site is being upgraded.
I hope everyone makes out ok. Let us know of questions or concerns