Webmasters: Protect yourself from Heartbleed
21st Aug, 2018
Less than a week ago there was world headline news about Heartbleed bug which you can read about the original post about Heartbleed on BBC here. In a nutshell, you'll want to change a lot of passwords to protect yourself, your websites and your finances. There are a big list of tech companies that are affected, although many are claiming to have been unaffected, they are at least admitting that there was some risk and recommending users change their passwords.
What is Heartbleed Bug?Heartbleed but is more or less a security flaw in OpenSSL where OpenSSL is used by most websites to protect and encrypt your data. So with the websites that have been at risk, what is potentially exposed to hackers are usernames, passwords and other account information like credit card data. This flaw has existed for more than 2 years and is now being fixed.
How can Heartbleed affect webmasters?In too many ways and depends on what products and services you use. Your email is probably the most important service you will want to protect as many emails are the gateways to your bank accounts, ewallets, social media networks and domains and webhosts. So that means you can have money stolen from you, your sites could be exposed to hacks or spam and even worse your site could get injected with links that would help you leak traffic and link juice. Your social media accounts can be important as you could lose some admin rights and those tools can also be used to spam your followers. Same for your email subscribers. Over the years there have been enough webmasters who have had problems of having ewallets drained, domains transferred out of their possession and also their affiliate accounts passwords not only changed but payment details updated.
How to protect yourself from hacks, attacks and to keep your passwords secureWhen an event like this happens, there is probably little you can do other than to follow the advice of the tech companies to change your passwords if they either have been compromised or will be compromised. This stuff unfortunately happens however heartbleed is on a wider scale. Just to name a few major hacks over the years:
- Target has 40 million credit cards breached
- Evernote passwords hacked
- Playstation Network hacked affecting 77 million users
KeepassXKeepassX.org is a program that helps you create random passwords and organize your accounts. This is a useful program for webmasters who can have hundreds of affiliate program accounts. You don't want any 2 passwords to be the same as if 1 password is compromised it could be used to gain access to other accounts like emails, ewallets or websites.
What webmaster related services are affected by Heartbleed?
Emails & Social NetworksGmail is the major email service provider that was affected along with Yahoo. Social media networks like Facebook are also affected including Pinterest and blog service provider Tumblr.
Payment methods and ewallets affected by HeartbleedThe major ewallet for gambling webmasters, Skrill, appears to be affected but isn't fully confirmed. No word on Neteller and PayPal is supposedly unaffected.
Domain & Hosting CompaniesGodaddy were affected although we have other website hosts we recommend. Namecheap were quick to inform users to update their passwords and provided a comprehensive article on what to do about it.
Webmaster tools affected by HeartbleedThere are a ton of tools that webmasters use but for the ones that you do use, you just need to do a quick search to see if your service or product was affected. Dropbox was one of the big players to announce they were affected. Of course Google has a ton of services which are all connected through an email to login and that adds to the list of services that could be at risk.
Update your passwords immediatelyUnfortunately heartbleed is a big problem and the best way to protect oneself is to update passwords immediately. For webmasters this can be a nightmare than the anyone else as webmasters simply have more accounts, logins and services signed up for everywhere that relates to their business. You can see a short list of companies affected here and you can always just do a simple search of "company heartbleed" to see if that product or service could be affected. Once you know your list, then it is time to update passwords. Leave a comment if you know of a website, product or service that could leave any webmaster exposed.
21st Aug, 2018