Heartbleed on Weaver/Aspen Sites

All Weaver, Aspen, and Aspen Themeworks sites are currently safe from the Heartbleed bug.

Note that Heartbleed is an issue with secure transactions, which is normally at a lower level than WordPress or WordPress themes and plugins – that is, your hosting company.

While our hosting company, BlueHost.com, updated their system as soon as the bug was announced, CloudFlare had the bug fixed on their systems before the general announcement.

This is just more evidence that CloudFlare continues to provideĀ  better security, as well as better performance, for your sites, and we continue to recommend it highly for your own sites.

We would recommend that you change your passwords for any accounts you have anywhere that might contain sensitive information. There is little evidence that the Heartbleed bug has resulted in any known security breaches, but it is still a good idea to update passwords, especially on sensitive sites. None of our sites store any particularly critical information such as credit card information or the like (that is all handled by PayPal). We just save your ids, e-mails addresses, encrypted account passwords, any profile info you may have provided, as well as the serial numbers for any products you may have purchased.

If you’d like to know technical information about Heartbleed, see this video for an excellent explanation. Note that this is really just another example of what is the most common security problem that has been around since the first programs were written – unintended access to a program’s data stored in memory. Programming techniques to avoid access to program memory has been well-known for many years, and to find such a basic flaw in a major security code is appalling.

While there are no known breaches at this time, it has been proven that it is possible to exploit the bug. Here’s an interesting article: http://www.engadget.com/2014/04/11/heartbleed-openssl-cloudflare-challenge/