The 'Heartbleed Bug' and Actions to Take

On the morning of 8th April we finished patching our platform against a potential security exploit called 'Heartbleed'. If you want more details about the vulnerability, there’s an article in The New York Times about it, and this cartoon shows visually how the bug works on unpatched servers.

What is most important to know is that 'Heartbleed' is a critical vulnerability, and potentially affected nearly two-thirds of websites on the Internet who use OpenSSL to secure communications.

Many Internet companies both large and small have been working long hours to update their services to keep customers and visitors safe.

While analysis of CCNow system logs does not show a pattern of traffic that might indicate someone trying to exploit 'Heartbleed' on our platform, as per industry best practice we rotated our SSL certificates as a precaution.

Our technicians continue to monitor the situation, and should any new information come to light we will contact anyone affected directly, and post an update here in the public 'News' section.

If you are a CCNow Client who has reset their account password and Shopping Cart API Activation Key because of 'Heartbleed', it has been safe to do so since 8th April. We recommend as per industry best practice that all Clients do so. (Login to the Client Menu and view 'News and Information' for details.)

Customers who have purchased from us do not need to take any action related to their purchase due to 'Heartbleed' at this time.

Regarding the impact of the 'Heartbleed Bug' on other websites, and your use of mobile devices, we suggest regularly checking the official Heartbleed Bug website, and sites such as Krebs on Security.

Posted on 04.11.2014