|Wed Apr 9 2014 21:08:01|
Chasing Down the Heartbleed Bug for Online Merchants
By: Ina Steiner
After spending the past two days wading through reports on the Heartbleed bug and reaching out to companies to see how their merchant customers were impacted by the security vulnerability, which existed undetected for the past two years, it's difficult to know just how much trouble we're all in.
Online marketplaces and payment services were placating, telling me either they were never impacted by Heartbleed or reporting that patches were in place, so buyers and sellers had nothing to worry about.
But for merchants who run their own ecommerce sites, the news may not be as reassuring (even if some of those reports turn out to be giving users a false sense of security). ShipRush product manager Raf Zimberoff conveyed a sense of urgency, saying that merchants who use open source or PHP-based systems on their websites should take immediate action.
And, he named names.
"If you use any PHP app (zencart, magento, opencart, prestashop, woocommerce, etc etc), even if part of a hosted solution, but especially if you are responsible for the server, then you MUST pay attention," he said.
If you pay a company to host your website server, make sure they've issued a patch - you may need to implement the patch yourself, or the hosting company may have done it for you.
Many ecommerce-related companies did not post anything publicly on their blogs. Kudos to Etsy and PayPal for being among those who did.
You can read EcommerceBytes coverage here (today's story) and here (Thursday's issue, which includes comments from eBay, etc.).
Let us know what questions you have and advice you care to share with your colleagues.