The "Heartbleed" Vulnerability and Your Security

You may have heard the worrying news about the “Heartbleed” vulnerability, which affects the majority of the secure Internet communications that are intended to keep your information private in transit. Most worrying to security professionals is that it is a bug that has been in the wild since March 14th, 2012, and if someone were to exploit it, it’d be completely undetectable.

For further technical details, see our blog post on the subject or the Heartbleed website.

Was Any Private Information Leaked?

We have investigated and found no evidence of attack or compromised customer data. Unfortunately, due to the nature of the vulnerability, there might not be any trace of a break-in. Since this is nearly industry-wide but was only publicized this week, there are a lot of unknowns.

Is Smalldog.com Safe to Use?

Yes. We reacted swiftly to ensure that the bug was fixed and that any possible past use of the vulnerability cannot prevent future Internet communications from being private & secure.

While the majority of our systems were not susceptible to this bug, the ones of most interest to you—our shopping cart web servers—were. So, we have updated our server software to resolve the issue (we already do this frequently to ensure your information is safe and as part of our PCI DSS compliance).

In addition to making sure the bug was fixed, we had new SSL certificates issued so that all communications from now and into the future will be newly secured, just in case someone had been able to compromise the old ones. We have also reset all Top Dog Club login sessions so that all users will be required to log in again using the new encryption.

What Should You Do Next?

To be as safe as possible, we highly suggest that you log in to the Top Dog Club and reset your password, especially if your password has been used for multiple websites.

In addition to that, we agree with the general suggestion of resetting all the passwords for websites and services that you use. However, it’s advisable to only reset passwords for those sites which you have confirmed either were not vulnerable in the first place or have already fixed and re-secured their services, like we have. That way, you’re not resetting a password on a site that may still expose your new password.

You can check our site and others to see whether they’re vulnerable using the Heartbleed test.

Is Mac OS X Server Vulnerable?

No, the built-in software in OS X and OS X Server is not susceptible to the “Heartbleed” vulnerability as it runs a different branch of the OpenSSL software which does not contain the bug. That said, if you are using a third-party installation of Internet server software from MacPorts or Homebrew (or have manually compiled & installed OpenSSL), you may be vulnerable and should check & upgrade ASAP, if necessary.