Content Discovery Smackdown: Hootsuite vs. Buffer vs. KloutContent Marketing Minds: Ingredients of the Tastiest Content [Nutrition Label]From the Corn Field to the Digital Era: Content Marketing Starts with TrustContent Marketing: Is 2014 Really Shaping Up to Be the Year of Video?
Your Customers Aren’t Listening! How to Create Consumer Dialogue that Converts4 Tools for Nonprofit Social Listening and Reputation ManagementThe Promising Role of Social Listening in Treating Health IssuesThe Importance of Social Listening for Brands
- Public Relations
Facebook Testing a Way for Users to Buy Products on the Platform7 Website Tips to Attract More Shoppers to Your PagesHow eCommerce, Augmented and Virtual Reality Will Redefine the Retail ExperienceSearch Query Analysis to Increase eCommerce Website Conversions
- Content Marketing
Technology & Data
Social Startups: Bizible Connects All the Dots from Marketing Contributions to RevenueCreating the Perfect Profile for Your Social Media Marketing EffortUsing GPS and Localization for Social AnalyticsAnalytics and Prospect Intel: Discovering Your Ideal Prospect
- Big Data
- Tech & Innovation
3 Security Risks You’re Taking Every Day While Using Social MediaShould the President Have the Power to "Pull the Plug" on the Internet?How Safe is Your WordPress Website From Hackers and Other Malicious Attacks?
- Software & Tools
- Small Business
- Social Organization
Celebrating the Grand Re-Launch of Social Media Today! SBH Podcast Episode 8Why Should You Care If Your Employees Are Thought Leaders?Beyond Engagement: The Art of Managing Social-Media Risk in Employee Advocacy
Why All-in-One Social Media Management Systems Don't Cut It for Social Customer ServiceWhat You Should Know About Customer, Digital, and Contextual ExperienceSurging into Q3: How to Make It Better Than Q2Is How You Serve Your Customers Costing You Business?
Join us September 15th in Atlanta for The Employee Advocacy Summit and learn how to unleash the power of your employees.
Post your event here and we'll share it with our community. If one of our members is featured, we'll promote as well on their profile.
- Marketplace & Webinars
The SMT Marketplace
Your resource for exclusive content and insights from Social Media Today, and opportunities to reach our community of professionals.
The Social Business Book Club brings you books, discussions, and insights from today's to business thought leaders.
Join interactive talks and and panel discussions with leading thinkers and practitioners on social media and networked business, or browse the catalogue of recorded sessions - all completely free.
Reach Social Media Today's community of marketing and communications professionals in an editor-approved context with a native advertising package.
What You Should Know About the HeartBleed SSL Security Bug
Posted on April 13th 2014
If you have an account on Yahoo mail, Gmail, Instagram, Netflix, or a variety of other websites, you may have been affected by the HeartBleed SSL security bug. HeartBleed just became public this past week, and is rapidly being addressed, but it represents an SSL security vunerability that may have existed and been exploited by hackers for up to the last two years. I just read two great news articles on Heartbleed, which I've summarized and added to here, and link to at the bottom of this post.
First, what is SSL? Is it like LOL?
SSL stands for Secure Sockets Layer, but most internet users probably recognize it as the padlock in our browser address bar and/or a website url beginning with "https" instead of "http". SSL encrypts the data we send to and from a website, so hackers can't read it. Heartbleed is a bug in the SSL process that was uncovered by a security expert at Google last week. It affects OpenSSL, a popular program used to run SSL security on many websites. Heartbleed ONLY affects the OpenSSL program, so websites that use a different SSL program are not affected. More importantly, the way HeartBleed works is that a flaw in the OpenSSL program allows a hacker to read the secure data transmission while it is stored in temporary memory, and only while it is temporary memory. Hackers can't steal all of the website's data... they can only retrieve any data transmissions while they are stored in temporary memory. Thus, if you were using a website in secure SSL mode while a hacker was eavesdropping, he could have stolen your information. But it is important to remember that is only the data as it is temporarily stored in temporary memory, and it is not the website's entire database. Further, although security experts believe this vunerability may have existed for up to the past two years, it is unclear if it was exploited by hackers and/or to what degree.
What websites were effected?
According to Mashable, the list of websites using OpenSSL is significant, and includes Instagram, Pinterest, Tumblr, Google, Yahoo, Gmail, Yahoo Mail, GoDaddy, Flickr, Netflix, YouTube, and Dropbox. The good news is that Mashable lists many banks, and none of the banks were affected by Heartbleed. Further, all of the popular websites listed above have patched their SSL security now, but there are a LOT of websites using OpenSSL.
What should you do?
You should understand how Heartbleed works, what websites were affected, and how it might affect you. More than likely, affected websites will be emailing their customers with further instructions. It's important to make sure any website (if they use OpenSSL) you use in secure SSL mode has patched or fixed their server before you continue to use their service, and you should ask them if you need to change your password.
What about us webmasters with secure online stores?
I first heard about Heartbleed this past week because we have an online store that uses SSL. Our SSL provider notified us that we may be at risk, but explained that the issue was not with their SSL certificate, but was with our webhost, and depended on whether or not our webhost used OpenSSL. Our SSL provider provided the following link to check if our website was vunerable. In our case, our store was not affected. But if you have a website that uses SSL, if you haven't already checked, you should use this link to see if your website is affected, and if your webhost is using OpenSSL, you need to make sure they have patched or fixed it, or do so immediately:
Similarly, if you do any online ordering or other web activity that requires SSL security, before you do it, check the website you are using at the above link first to see if they have been compromised by the Heartbleed bug.
For more information, I highly recommend reading these two articles: