Friday, April 11, 2014
A Note About the Heartbleed Bug
Wanted to make a quick note of assurance to those that might be worried about the Heartbleed bug and it's possible effect on our site, or particularly, your data in our store.
The good news is...you are all safe here ^_^
Here at chucksanimeshrine.com, our webhost is, and has been since 2004, globat.com. Since the store was created in 2007, we've used their SSL service to keep your data safe so we don't use OpenSSL for our store's encryption. Instead, we use RapidSSL.
Also, when the store recently was upgraded and ported to the /shop/ address, I took extra measures in security to make sure the HTML coding and the PHP backend code in the store's Oscommerce engine was the very newest version (at the time of this writing ver 18.104.22.168) and that the encryption passed Google Chrome's strenuous SSL test. Any of you using Chrome will see in the store's cart page the green lock icon showing it's safety.
It's always good to be more safe than sorry and even if our site is safe from the bug, your login info elsewhere on the internet might not be...and if you use the same login credentials across the internet, a hacker could use that to login to your account anywhere.
To help stop the automation of such an act, I've also recently added reCapcha requirements for account creation and password changes on the store... this way, bots potentially using your info stolen from other sites affected by Heartbleed... won't get far here.
So, if you feel you need to change your info nonetheless, go right ahead. All customers of the old store design can log in like they did before the store upgrade; same username and all. Oh, and use the store's own password reset. Like any good secured site, neither me or anybody else has a plain text copy of your credentials.
Here's a list of site affected by the bug... keep safe and watch your personal data.
(PS: Anime.fm and TenshiOni.com do in fact use GoDaddy (a host effected by this bug) as their webhosts but currently there's no customer credentials there, so those are unaffected by this bug as well)
(IMAGE: MASHABLE COMPOSITE. ISTOCKPHOTO, SOBERP)