Pinnacle Cart clients can rest easy: We have you covered
You know when a computer virus hits late-night television, it’s a big deal. Such is the case with Heartbleed, the latest threat to computer users, which has found its way not only onto computers across the world but also onto “The Tonight Show with Jimmy Fallon.” In last night’s monologue, he shared: “There’s this computer virus called Heartbleed that’s affected two-thirds all the websites on the Internet. Security experts are warning people that they need to change all of their Internet passwords. Then my mom said ‘No prob! I’ll just change my password to 1-2-3-4-5…..SEVEN!’”
It sounds funny, but your Internet security is no laughing matter. So now that you’ve been sufficiently frightened about Heartbleed, let’s talk about what it means for your business and whether you need to worry that your security has been breached.
What Is the Heartbleed Bug?
Heartbleed is a programming flaw in OpenSSL, a widely used open-source cryptographic software library. It enables hackers (and anyone else on the Internet) to access a server’s memory and expose critical user information, including SSL site keys, user names and passwords, and user data. Systems potentially affected may include websites (specifically eCommerce sites), email, instant messaging, and some virtual private networks (VPNs). The flaw is limited to OpenSSL and has not caused any issues with sites using SSL encryption.
How Do You Know If You’ve Been Infected?
PinnacleCart’s #1 priority is protecting our customers and their vital information. The day we learned about the potential breaches caused by Heartbleed, we immediately scanned all of our systems and found none had been affected. In fact, we are currently in the midst of completing our PCI-DSS certification audit, which has security as its focal point. For us to be PCI compliant, we must use SIM/SIEM (security information management / security event manager) and HIDS (host intrusion detection systems); in addition, we follow a routine change-management procedure to ensure our systems are always up-to-date with changing security measures. The long and short is that, if your site is hosted by Pinnacle Cart, it has not been affected. You do not need to go in and change passwords or generate new key pairs for system access. You don’t have to worry about the integrity of your e-commerce website, because we have already ensured your security!
If your site is not hosted by Pinnacle Cart, a fixed version of OpenSSL has been released and must be installed on any site running OpenSSL. Both service providers and users will need to install this fix on all operating systems, networked appliances, and software to ensure they have no problems moving forward.
It Takes a Village
Since we work primarily with eCommerce sites, we must remain in compliance with PCI regulations, which are pretty strict. Because we follow their guidelines and work with our customers to maintain that compliance across all systems, you have not been using OpenSSL encryption; you’ve been using SSL, which makes your systems impenetrable by Heartbleed. We are also a Symantec Website Security partner, and earlier this week, they let us know that they immediately implemented best practices by patching their systems and rekeying all certificates on their Web servers. At no time were their systems at risk, and by association, neither were ours.
Rest Easy; You’re Covered
If you do have any questions about the security of your PinnacleCart-supported website, we’re here for you. Give us a call at 800-506-0398. As business owners ourselves, we understand how important your security is, so we put that first. You’re protected with PinnacleCart. We’ll always let you know of any potential threats and how we’re taking care of them on your behalf.