What is “Heartbleed,” and why is it a big deal?
In very simple terms, the Heartbleed bug is a coding error in the encryption behind the https:// that you see in front of secure websites. The exploit makes it possible for a hacker to grab random 64K blocks of unencrypted data out of a server’s memory – which could be anything from useless bits of random data to sensitive information like passwords and card numbers. For a more detailed explanation, see www.heartbleed.com.
Which sites were affected? How do I know if a site was hacked?
The bad news is that Heartbleed isn’t limited to any particular site or group of sites. The initial estimates are that half a million websites could have been vulnerable. There is no way for you to tell which sites you visited were vulnerable – it could have affected literally any site you saw an https:// in front of for the past two years.
The good news is that this was a vulnerability discovered by security experts, not an actual data breach discovered as the result of a crime. No websites have been reported as “hacked” so far. It’s even conceivable that no “bad guys” knew about the vulnerability before it was reported this week. However, no one knows for sure.
Was the Digital Check site affected? Were any banks using Digital Check scanners affected?
No, the vulnerability only affected sites running OpenSSL version 1.0.1, and digitalcheck.com was using a different version. The Digital Check site also did not use the RFC6520 “heartbeat” extension of OpenSSL that generated the vulnerability. There is no indication that any information from the Digital Check website was affected.
Digital Check does not process transactions for banks; we only provide the equipment. The banks process transactions on their own, separate secure networks.
The only place on digitalcheck.com that uses https:// is the secure client login area. No credit cards or other payments are used there, and the only sensitive information used there is a user ID and password. The only potential danger to you would be if you used the same login information across many sites and one of them was compromised.
Many experts have advised the public to change their passwords on all sites that they use, but to wait until they know each site is secure before doing so. 22.214.171.124/digitalcheck-l3 can be considered secure.
What about your online store?
Digital Check’s online store is operated through Netsuite, which is separate from the Digital Check website.