Many of you have probably heard in the last few days about a vulnerability called Heartbleed. If not you can Google it or read more here.
This is a security flaw in a library that is critical to securing the Internet in general called OpenSSL. Many (in fact, most) web servers use it to secure their websites. Like that majority of web servers in the world, ShowGroundsLive.com had the vulnerability.
What is difficult about this particular security bug is there is no way to know if anyone has exploited it against your site. What seems to be a consensus is that this is a very, very serious issue that needs to be remediated very quickly. With the spread publicity about the flaw through news media, there will come hackers who will now try to exploit it.
We have worked quickly to apply patches all our web servers to ensure the flaw is fixed. The first phase of this was completed in the early hours of today. Over the next couple of days we will be continuing with a few precautionary measures to ensure that all our customers’ data remains secure.
In addition to evaluating our internal systems, we’ve also reached out to our partners to assess their risks. In particular, we’ve reviewed the situation with our down-stream payment provider Spreedly.com to ensure their systems are secure.
Once all our measures are deployed, we will be suggesting that our ShowGroundsLive.com users update their passwords with new, unique passwords (that they have not used in the past).
We strongly encourage each of our customers (show companies) to contact your payment gateway provider to assess their vulnerability to the flaw. We also encourage everyone to assess your own web hosting environments, particularly if you host any secure forms on your site.
You can test your site or any other here.
Remember, if it is fixed currently you still want to see if the site had been exposed prior to any recent fix.
If there are any questions regarding Heartbleed, please contact us at firstname.lastname@example.org
The ShowGrounds Team