It’s been a crazy week for security, and we’re barely halfway through yet!
News about the Heartbleed OpenSSL security flaw broke Monday night. This bug allows anyone to read the memory of systems using vulnerable versions of the OpenSSL software, which means certain private information is no longer as private as you might like.
We’re not just talking credit card information (though this is certainly the most troubling for many people) but email addresses, passwords, and anything stored in memory. It’s kind of a huge problem.
Amazon moved quickly and began rolling out patched ELBs shortly after the Heartbleed vulnerability was discovered, and our servers have been upgraded as of this morning.
Has your site been affected? Here’s a great post about Github’s response to Heartbleed, as well as advice for making sure your account remains secure.
Github user titanous wrote a neat tool to determine whether a site has been affected by Heartbleed.
We’re glad we were able to get Instrumental patched so quickly, but this vulnerability will definitely have long-reaching consequences for a ton of businesses.
How did Heartbleed affect your business? What steps have you guys taken to fix the problem?