Heartbleed and Getting a new SSL Certificate

Because of Heartbleed, all SSL certificate vendors are sending out emails similar to the one below, offering free reissues of certificates.

[Image: Comodo SSL certificates]

The likelihood of certificate data being stolen is relatively low, and the likelihood of that data being used for a malicious purpose is even lower. It is still a risk, of course. Here’s a very technical article from Cloudflare on some of the intricacies of trying to steal keys from memory.

They’ve even launched a challenge for people to show they successfully stole a private key.

[Image: Cloudflare Heartbleed challenge]

A much greater risk is that user credentials were stolen from memory, for example if a website uses authentication of some sort for protected content, or that cookie and session data was stolen, which allows someone to remain logged in to a protected website; Facebook is a great example.

What did we do? We erred on the side of caution and replaced ours and revoked the old one.

Contact your host or your SSL certificate issuing company (GeoTrust, Comodo, etc.) and ask to have your SSL cert switched out. And always, no matter what, create and maintain a password security program in your organization, however small or large.
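A reissue only helps if the new certificate is bound to a freshly generated private key; a certificate reissued on the old key leaves any stolen key usable. The check below is an added example, not part of the original post: it assumes the `openssl` command-line tool is installed, and the function names and file arguments are illustrative.

```shell
#!/bin/sh
# Added example: confirm that a reissued certificate uses a NEW key pair.
# Usage (paths are the caller's own): sh check_rotation.sh old.pem new.pem

# Print the SHA-256 of a certificate's public key (DER SubjectPublicKeyInfo).
# Returns non-zero if the file is not a parsable PEM certificate.
spki_sha256() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 -r \
        | cut -d' ' -f1
}

# Exit status: 0 = keys differ (rotated), 1 = same key reused,
#              2 = one of the files could not be parsed.
key_was_rotated() {
    old=$(spki_sha256 "$1") || return 2
    new=$(spki_sha256 "$2") || return 2
    [ "$old" != "$new" ]
}

# Run the comparison only when two certificate paths are given.
if [ "$#" -eq 2 ]; then
    rc=0
    key_was_rotated "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "OK: reissued certificate uses a new key" ;;
        1) echo "FAIL: reissued certificate reuses the old key" ;;
        *) echo "ERROR: could not read one of the certificates" ;;
    esac
    exit "$rc"
fi
```

Run it against the certificate you had before the reissue and the one your vendor sent back; a result of "same key reused" means a new key and CSR are still needed.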

Holly Nelson

Holly Nelson, CEO of 2C Development Group brings more than 20 years of success in internet marketing to every project. Her ability to identify production, communication, customer service and logistical pain points and to solve them through increased efficiencies in website design/development, online catalog management sales solutions, online content development and marketing brings consistent, clearly demonstrable ROI to clients.