Chasing Down the Heartbleed Bug for Online Merchants

by: The End

I've just asked my cart provider what actions they've taken.
We'll see what they have to say.
I understand a patch can be applied.

by: KathleenJohnson

I am amazed that none of the eCommerce sites have formerly addressed the Sellers yet with reassurances of any kind.

I paid my Cell Phone bill yesterday with much trepidation. If I am nervous - then so are our buyers.......

by: wallflower

Ryan Moore said "The vast majority of our services were not impacted...".
Well, which ones WERE impacted???

by: Anonymous Annie

Fortunately, my ecommerce site was not one of the ones affected by the HeartBleed bug.

After we heard about it, my husband logged in to the server's admin pages and reviewed our settings and software versions. It's all good!!

The online test shows that we're in good shape too... so I posted a detailed announcement on my site's FAQ page to reassure my customers. (I also linked to the announcement from the site's home page.)

I hope this will help to alleviate any fears that customers may have.  

by: Basset

Basically I'm still ping-ponging between the conflicting advice of ''Change your password'' and ''Wait to change your password''.

Thanks Ina & Dave for keeping us up to date on this story, I've been following it online with interest but you guys do a good job of outreach to all levels of tech ability.

Has eBay addressed it further? More of  ''we're all good!'' instead of  Moore's  '' The vast majority of our services were not impacted and our users can continue to shop securely on our marketplace.''  

Hmmm... define ''vast majority''.

by: Puck

I logged into PayPal this morning and there's now a brand new Captcha page between the landing page and the account page.

Hmmmmm

by: Philip Cohen

@Basset,

You can always tell when an eBay or PayPal spokesperson is being disingenuous—their lips are moving! ...

by: charcorvet

I called Paypal yesterday because of a glitch we kept getting and was told they weren't affected by it but there were other security issues...so...........

I changed my passwords any way cause it was 60 days since I played with them.

by: The End

Easy Peasy  :o)
Just got the New Patched EV-SSL certificate.
Here's to a prosperous season !

by: iheartjacksparrow

Agree with Basset. This morning it was "Change your password now!" but by noon it was "Experts say don't change your password!" I hope there will soon be a consensus about what we should be doing.

by: SusanO

Volusion is a particularly good choice for customers who are looking for a secure eCommerce framework that will ensure its clients and its business are protected. Multiple layers of security: DDoS solution including cloud-based and on-premise and edge routers to prevent attacks and provide efficient processing by network security devices. There are multiple layers of firewall protection. Network segmentation and security zoning to ensure that security threats are localized, and the impact is minimal.

In addition, Volusion offers man other tools, design factors and configuration and set-up techniques to protect its customers and their clients and partners: OS Based Security Configurations, Application-Based Security Configurations, Anti-Virus/Anti-Malware, Vulnerability Scanning, File Integrity Monitoring, Event Monitoring and Correlation, Redundancy, Failover and High Availability, and ongoing assessment, analysis and monitoring. The Volusion team provides its clients with an information security team, and a 24/7 security operations center, as well as external auditors and a computing security incident response team.  

One of the reasons that Elegant MicroWeb clients choose Volusion design is to protect proprietary information, confidential data and customer and stakeholder satisfaction.
Volusion Design