What You Need To Know About Heartbleed

As you’ve probably read by now, there was a major security breach this week that affected the majority of the Internet’s websites. We sat down with TeamSnap Operations Lead Mark Cornick to find out what sort of impact this breach has on TeamSnap.

So what happened?

Researchers detected a bug called the Heartbleed Bug in OpenSSL, the secure socket layer used by the majority of websites, like Gmail, Yahoo! and TeamSnap. In basic terms, that means the bug could expose the kind of information that is normally encrypted when sent across the Internet — passwords, banking information, etc. — to an attacker.

For a more in-depth explanation, check out this article.

What’s been done in response?

The OpenSSL folks have already put out a fix, which has been picked up widely. On the TeamSnap side, we found out about the bug — and the fix — when it was announced and immediately went into action. We checked to make sure all of our servers had the fix, we contacted our tech partners to make sure they knew about the bug and were also adopting the fix, and we revoked our previous security certificate and private key and issued new ones.

Was TeamSnap affected?

To our knowledge, there were no attacks on TeamSnap or its stored data. However, we pride ourselves on offering the kind of information security we’d want to have for ourselves. After all, in addition to being TeamSnap employees, we are also TeamSnap users. Though we have no knowledge that any of our information was negatively affected, we wanted to be proactive.

You’re a wicked smart kinda guy. What advice do you have for people in light of this bug?

Despite the fact that we don’t think TeamSnap information was compromised, we highly suggest that users change their TeamSnap password. Because Heartbleed affected so many sites, consider changing ALL of your passwords across the web. We suggest updating these passwords on a regular basis, which many of us don’t think to do until an incident like this happens. Consider using different passwords for each site you use. That way if one password is compromised, not all of your passwords are compromised.

That sounds kind of annoying. I sometimes forget my own birthday, so how can I remember dozens of passwords?

There are some tools to help with this. For example, if you have iOS 7 or Mac OS X, you can use the iCloud Keychain, which generates passwords, stores them and autocompletes them for you. There’s also a tool called LastPass, which is a password manager that keeps a secure database of your passwords and remembers them in your Internet browser.

We at TeamSnap take security very seriously. We will continue to take ninja-like proactive measures to ensure your information is safe with us. If you have any more questions, don’t hesitate to contact us at support@teamsnap.com.

Responses...

Tony Porterfield  

Thanks for your swift action and transparency! I appreciate both the efforts in remedying the problem and the communication of what you did and what users can do.

Scott  

It is erroneous to call it a security breach. No one has any evidence that any information was culled from vulnerable servers. Perhaps “threat” would be a better term?

Dan  

Majority of websites? Cite your source.

Anonymous  

Using open source code is always a risk, and the fact that many others make the same mistake is not an excuse for perpetuating the error. There are other encryption options available, and the good news is that they’re all pretty cheap.

Stephanie Myers  

Hi Dan: Most news outlets are reporting that two-thirds of all websites were affected. Please see the link referenced at the beginning of the post for citation. Thanks!

A fan  

THE Stephanie Meyers?

Eoghan  

By the nature of the attack you would not know if you were attacked, so why say “we have no knowledge that any of our information was negatively affected”? Of course you don’t know if you were or were not.

Dan  

Don’t believe everything you read :)

The majority quoted refers to the percentage of Apache and Nginx servers in use, but actual vulnerable is closer to 17-18%, or about 500,000 sites. Still, this was quite an issue!

Stephanie Myers  

No, but I am THE Stephanie Myers. :)

Jim De Boer  

If your website (meaning one that you visit) utilizes OpenSSL, it was vulnerable. A LARGE portion of the commerce websites use this code one way or another. Don’t bash Stephanie over semantics.

Well done TeamSnap and Stephanie.
