Over the past day or two you may have been hearing about a major security vulnerability that impacted services like Yahoo!, Eventbrite, and Imgur. CVE-2014-0160, commonly called Heartbleed, is a serious OpenSSL vulnerability that would allow nefarious users to gain access to encrypted data from a server’s memory.
Green Egg Media wants to assure all of our clients that their data is secure and that we have not been impacted by this vulnerability. All of the servers that we use to store client data and host client websites are running versions of OpenSSL which are not vulnerable to a “heartbeat” attack. For our e-commerce clients that are running on FoxyCart stores, we want to assure you that your data and your customer’s data is also safe. FoxyCart announced yesterday that their services are secure and have not been breached.
It is estimated that Heartbleed may have affected as many as 66% of all web servers around the world. This number is probably too high considering that only selected versions of OpenSSL were impacted; however, the versions which were vulnerable have been in release for over two years now. While the vulnerability may have been wide-spread, unfortunately it is impossible to know whether or not any particular server was actually compromised. A cyber ciminal could get information from a vulnerable server’s memory without even leaving a trace of the request. While most affected service providers, including Yahoo!, have now fixed the problem, if you are a regular user of any affected services, we strongly recommend that you immediately change your passwords for those services, as well as any other services where you are also using that password. In general, we recommend that you never re-use passwords, but we know that many people reuse them anyway.
Since this vulnerability is so widespread, everyone who uses the internet is probably affected somehow. If you use any services that require you to sign in with a username and password, check with the service provider to make sure that they are not running a vulnerable version of OpenSSL. According to the official Heartbleed information site, the status of different versions of OpenSSL is as follows:
There are several guides for server migration under ExpressionEngine 1.x, but so far nothing on migrating ExpressionEngine 2.1. This guide is based our our own experience of moving a site from a development environment to a production environment. We have tried to capture as many aspects of the move as possible, but every EE site is different. You may find that we include steps which you can omit, or you may discover that there are additional steps you need to take. It can’t be said enough - before you start making any significant changes to your database or file system, backup your data!
While iteration may feel like the impossible process of spinning straw into gold, you have to admit that it’s the key to producing a digitized work of art that you’d proudly point at and claim as your own. Besides, it’s sort of an adventure where you challenge yourself in your craft without having to step outside or stray too far away from your computer. To ensure that your iterations are meaningful, use the following four methods to be inspired.
Think of a web designer and you instantly picture someone creative and spontaneous. Well web designers and developers are certainly creative, but they need not necessarily be spontaneous. Most web designers are disciplined in their approach whether it is in terms of creating a design and developing it into a fully functional site. That is a good quality, but being fixed in the approach is not entirely acceptable, for that inflexibility can rub off on the site you develop. Flexibility here means adaptability, but it does not mean going into the field without a plan. Successful web developers are meticulous and also flexible, which also reflects in the work they do.