What's Heartbleed?

You may have heard in the news lately about a major security problem affecting millions of internet users, known colloquially as Heartbleed. In a nutshell a programming error was discovered in the encryption of OpenSSL (open source encryption standard) that's meant to securely transmit data (online purchases, IMs, emails etc) for more than 2/3 of the world's websites online.

image source: Heartbleed.com

Very recently programmers discovered a flaw in the design of this encrytpion framework that tricks the recipient computer into sending packet data therefore exposing sensitive user information.

There are stories like this one going around talking about millions of companies being vulnerable, hundreds of thousands of servers with the bug. It's serious and all users of the interwebs and its open source apps should take note.

DesignCrowd Users Not Affected By Heartbleed Bug

We take our users' privacy and security very seriously and have investigated this issue when OpenSSL Project issued a Security Advisory several days ago. We have checked our servers, both Designcrowd and Brandcrowd, and verified that we are not running the affected software. If you are a registered customer or designer and have used our service recently or a long time ago, we can confirm your personal information is not at risk now nor in the past from this bug.

Acting DesignCrowd Chief Technology Officer, David Carson:

Versions 1.0.1 through 1.0.1f (inclusive) of OpenSSL are vulnerable to this security flaw, and we have confirmed that none of our servers are running any of those versions of that software.

No action is required from DesignCrowd users, however it never hurts to change your password regularly and avoid reusing the same password for all your logins. Increasingly, major apps like Twitter, Facebook, Google offer the security conscious user two factor usage as an extra security precaution. Apps like Last Pass and 1Password are also handy.

Keep an eye out for these notices like this one from vulnerable sites taking steps to safeguard their users:

More reading

If you are looking for more information, check the following:

• Mashable - Heartbleed Bug Websites Affected. Mainly a US-Centric list of sites but worth a gander. Don't forge that apps will be releasing patch fixes and will ask you to update your passwords once they've performed the fix so also keep an eye on Git Hub and Last Pass for websites vulnerable to the attack.
• Business Insider - What is the Heartbleed bug?
• Github - Heartbleed Mass Test 1,000 list - check out which sites are vulnerable
• Tech News Today - TNT 981 SSL Flatlines with Heartbleed - Everything you need to know about Heartbleed from leading tech news podcast

Written by DesignCrowd on Thursday, April 10, 2014

DesignCrowd is an online marketplace providing logo, website, print and graphic design services by providing access to freelance graphic designers and design studios around the world.