Protecting Against "Heartbleed"

Heartbleed Bug

Heartbleed, the latest cyber assault on private data and records, caused an international stir and sent programmers scurrying to install patches on their servers to protect them from this lurking threat.

For Blue Fire customers whose websites we host, we can tell you that we have already installed patches on our servers. The information we house, including passwords for email and website administration, is no longer vulnerable to Heartbleed. Also, our websites do not store any credit card or financial information. Does that mean you can relax and not be concerned about this threat?


Heartbleed apparently went undetected for two years. During that time, Heartbleed was able to create an opening in OpenSSL, an encryption technology used in about two-thirds of Internet servers. Hundreds of thousands of websites could have been vulnerable and possibly accessed through the bug, though it's unknown how many were. Heartbleed was able to intercept email and other online communications to grab the keys for deciphering encrypted data such as passwords for email, social media accounts and online access to financial services.

Just as we did, many of these sites are installing the patch to cut off Heartbleed's future access to encrypted data. But to make your passwords and personal data truly secure, you should follow what has been advocated as good practice for years: change your passwords regularly.

And if you use the same password for your bank account and credit cards as you did for your email accounts, change them soon, like today. You may not be a target for programmers behind Heartbleed, but it's just a good idea anyway not to have one password for everything.

The online news site Mashable has put together an extensive list of affected sites, and sites that were not vulnerable. Though many sites that were vulnerable have installed the patch to cut off access to Heartbleed, Mashable offered a list of sites for which you should change your password because of their risk before the fix.

Those sites include:

  • Facebook
  • Gmail (or other Google services)
  • Tumblr
  • Yahoo mail
  • GoDaddy
  • Intuit (TurboTax)
  • Dropbox
  • LastPass
  • OkCupid

Tumblr added its own blunt warning to users:

"This still means that the little lock icon (HTTPS) we all trusted to keep our passwords, personal emails, and credit cards safe, was actually making all that private information accessible to anyone who knew about the exploit. This might be a good day to call in sick and take some time to change your passwords everywhere -- especially your high-security services like email, file storage, and banking, which may have been compromised by this bug."
