- Content Marketing
When Your Customers Become Your Contributors: Brand Journalism Meets TraditionalGoogle Is Changing the Close Variant Matching Option in AdWordsBefore You Invest in Online Advertising, Do This!Native Advertising: The New New Thing or a Race to the Bottom? [VIDEO]
Technology & Data
Data and Creativity at the Social Shake Up: Defining Your Data-Driven Social CampaignTalking Strategy and Data with Shannon Lee of Precision StrategiesNew IBM Study Reveals 3 Key Characteristics of the Most Successful CompaniesMinority Report: Confronting Privacy Issues in Big Data Gathering
- Tech & Innovation
- marketing automation
- Social Tools
Social Change Agent Survey: Passion, Skill Set, and Persistence Lead to Career Growth#SocBizShakeUp: Sandy Carter at The Social Shake-UpThe Social Shake-Up: How CMOs Drive Innovation and Revenue GrowthOracle CEO Larry Ellison Takes New Role: What Does It Really Mean?
Study Shows SMBs in 5 UK Industries are Ready to Take on Social Media MarketingIs Your Small Business Doing Content Marketing Wrong?5 Free and Effective Social Media Tools Perfect for Small BusinessesWhat's on Our Bookshelves? Great Reads for Small Business Owners and Entrepreneurs
- Social Organization
Recap from the First-Ever Employee Advocacy SummitFormer IBM Senior Advisors Launch Brands Rising to Build Employee Advocacy ProgramsPerformance and Risk Management Through Social Media TrainingEmployee Advocacy Summit: Advocate Stories from the Field
- Customer Service
Join us September 15th in Atlanta for The Employee Advocacy Summit and learn how to unleash the power of your employees.
Post your event here and we'll share it with our community. If one of our members is featured, we'll promote as well on their profile.
- Marketplace & Webinars
The SMT Marketplace
Your resource for exclusive content and insights from Social Media Today, and opportunities to reach our community of professionals.
The Social Business Book Club brings you books, discussions, and insights from today's to business thought leaders.
Join interactive talks and and panel discussions with leading thinkers and practitioners on social media and networked business, or browse the catalogue of recorded sessions - all completely free.
Reach Social Media Today's community of marketing and communications professionals in an editor-approved context with a native advertising package.
What You Should Know About the HeartBleed SSL Security Bug
Posted on April 13th 2014
If you have an account on Yahoo mail, Gmail, Instagram, Netflix, or a variety of other websites, you may have been affected by the HeartBleed SSL security bug. HeartBleed just became public this past week, and is rapidly being addressed, but it represents an SSL security vunerability that may have existed and been exploited by hackers for up to the last two years. I just read two great news articles on Heartbleed, which I've summarized and added to here, and link to at the bottom of this post.
First, what is SSL? Is it like LOL?
SSL stands for Secure Sockets Layer, but most internet users probably recognize it as the padlock in our browser address bar and/or a website url beginning with "https" instead of "http". SSL encrypts the data we send to and from a website, so hackers can't read it. Heartbleed is a bug in the SSL process that was uncovered by a security expert at Google last week. It affects OpenSSL, a popular program used to run SSL security on many websites. Heartbleed ONLY affects the OpenSSL program, so websites that use a different SSL program are not affected. More importantly, the way HeartBleed works is that a flaw in the OpenSSL program allows a hacker to read the secure data transmission while it is stored in temporary memory, and only while it is temporary memory. Hackers can't steal all of the website's data... they can only retrieve any data transmissions while they are stored in temporary memory. Thus, if you were using a website in secure SSL mode while a hacker was eavesdropping, he could have stolen your information. But it is important to remember that is only the data as it is temporarily stored in temporary memory, and it is not the website's entire database. Further, although security experts believe this vunerability may have existed for up to the past two years, it is unclear if it was exploited by hackers and/or to what degree.
What websites were effected?
According to Mashable, the list of websites using OpenSSL is significant, and includes Instagram, Pinterest, Tumblr, Google, Yahoo, Gmail, Yahoo Mail, GoDaddy, Flickr, Netflix, YouTube, and Dropbox. The good news is that Mashable lists many banks, and none of the banks were affected by Heartbleed. Further, all of the popular websites listed above have patched their SSL security now, but there are a LOT of websites using OpenSSL.
What should you do?
You should understand how Heartbleed works, what websites were affected, and how it might affect you. More than likely, affected websites will be emailing their customers with further instructions. It's important to make sure any website (if they use OpenSSL) you use in secure SSL mode has patched or fixed their server before you continue to use their service, and you should ask them if you need to change your password.
What about us webmasters with secure online stores?
I first heard about Heartbleed this past week because we have an online store that uses SSL. Our SSL provider notified us that we may be at risk, but explained that the issue was not with their SSL certificate, but was with our webhost, and depended on whether or not our webhost used OpenSSL. Our SSL provider provided the following link to check if our website was vunerable. In our case, our store was not affected. But if you have a website that uses SSL, if you haven't already checked, you should use this link to see if your website is affected, and if your webhost is using OpenSSL, you need to make sure they have patched or fixed it, or do so immediately:
Similarly, if you do any online ordering or other web activity that requires SSL security, before you do it, check the website you are using at the above link first to see if they have been compromised by the Heartbleed bug.
For more information, I highly recommend reading these two articles: