Internet users were shocked to hear of an exploit named Heartbleed that may have been used to steal user names, passwords, and credit card data, along with any personal data stored on a server. We wanted to take a moment to reassure you that your information is safe on our servers, as we were not affected. We also wanted to point you to some good reference sites for checking whether other websites you use are vulnerable, along with some advice on protecting your information from this OpenSSL bug.
What is Heartbleed?
When you log into a secure website, the standard way for the site to protect your information is SSL (Secure Sockets Layer) encryption. One implementation of SSL is OpenSSL. It is used on servers that run operating systems other than Microsoft. These Unix-based operating systems are very popular for websites. Two years ago, a routine code update to OpenSSL unintentionally left a vulnerability that allows hackers to access data on secure sites.
Who Was Affected?
It is estimated that two thirds of all websites utilize OpenSSL on their web servers. This does not mean that they were all affected. Many sites are using a version that does not contain the vulnerability. Others updated OpenSSL to the patched version, which was released on April 7th. DR Vitamin Solutions and its sister site Vision Clarity were not affected by the Heartbleed exploit. Many other sites were not affected either, but some very prominent websites were. Here is a list of 10,000 sites that were checked for the Heartbleed bug. The ones found vulnerable are listed at the top. An updated scan is in progress as I write this, so the list will likely change. If you don’t want to wait for the update, you can check any website’s vulnerability to the exploit here, but this won’t tell you whether the site was vulnerable and has since been patched, only whether it is vulnerable at the time you test it.
What Can You Do?
There are very few things we as users can do about the vulnerability. It is controlled by the website and its software. We suggest taking the time to look at the list of sites mentioned earlier, or testing the websites that hold your personal or financial information, to see whether they were affected and, if so, whether they have implemented the patch. Keep in mind that the vulnerability was introduced 2 years ago. It is not a new exploit, just recently found. If you haven’t experienced any data breaches yet, you probably won’t. And most websites have already applied the OpenSSL update by now.
We recommend that once you have checked the list, you wait until any affected websites apply the patch and then update your password. If you change your password before the update, you will need to do it again after the update. If you are uncertain whether a site was affected but it is now safe, we recommend changing your password. It is considered good practice to change passwords every 6 months. If you haven’t done so, consider this exploit a reminder.
Additional Questions or Concerns?
If you have any questions about the security of the DR Vitamin Solutions website, you can read our Website Security and Trust page or feel free to email or call us with your concerns.
By Greg Benic, DR Vitamin Solutions