As you are probably aware by now, earlier this week a very serious security vulnerability (nicknamed “Heartbleed”) was discovered that impacted many of the secure websites on the internet: Facebook, Dropbox, Google, Yahoo and Amazon. It’s in no way the overblown drama we are used to online: this s**t is real, and it may just be the biggest, most widespread vulnerability in the history of the modern web. Half a million sites are vulnerable.
Security specialist Bruce Schneier wrote about the issue:
“The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.
Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory — SSL private keys, user keys, anything — is vulnerable. And you have to assume that it is all compromised. All of it.
“Catastrophic” is the right word. On the scale of 1 to 10, this is an 11.”
Because the problem is very technical and, unlike most hacker-related issues, is not limited to having our passwords stolen, the only thing we can do right now as users is change our passwords and hope for the best.
Frostbox responded to this vulnerability immediately after it was announced and has been working continuously since then to ensure that our systems and your data are as secure as possible.
By Tuesday evening, Amazon Web Services (our hosting provider) had also completed patching all of their associated infrastructure. We have no evidence that Frostbox systems or user data were compromised due to this vulnerability.
What should I do?
To ensure complete security of your Frostbox account, as well as other accounts that may be affected, there are several important precautions you must take:
We recommend that you change your important passwords online (e.g. banking, social media, etc.). It is best to use a different password for every service.
Change your user account password in Frostbox by logging in and going to your account (top right) > change your password (bottom left).
We highly recommend the use of a password manager like Lastpass.com or 1Password.com to help you use and manage the most secure passwords possible.
It’s highly recommended you enable Two-Factor Authentication on your Frostbox account.
We take the security of your payments and data extremely seriously and have rapidly followed all the best practices in response to this issue. If you have any further questions, please feel free to reach out to us at firstname.lastname@example.org.
Image credit: Mashable
Posted April 11, 2014
Frostbox is a social media backup service that allows you to make a copy of the most important data (like photos, contacts, followers and more) from your social accounts on Facebook, Twitter, Gmail, Linkedin, Foursquare, Flickr, Instagram & Tumblr.