FeedBlitz and the Heartbleed vulnerability

We’ve been asked this a few times recently, so for the record: FeedBlitz isn’t vulnerable to the Heartbleed vulnerability.

FeedBlitz doesn’t use the platforms affected, and we don’t use OpenSSL for SSL encryption on our servers.

Does that mean you shouldn’t change your password here at FeedBlitz? Not exactly. If you use the same password here that you do on an affected service then maybe you should, yes.

But ZOMG. Can we talk a little about risk here, please? Do you hand your credit card to a waiter to pay for your romantic dinner? Do you give your card number over the phone when ordering something from a local business? If you have ever done so, you’ve willingly given your payment information to a complete stranger and probably thought nothing of it.

How risky is that?

Which is not to belittle the scale of the potential risk that Heartbleed poses to the Internet’s security infrastructure. But on an individual level, you’re probably more likely to have your wallet lifted at the next major league ball game you go to. I’m personally currently unaware of any proven cases of this vulnerability having been exploited successfully for any kind of mass compromise.

Sturm, Drang and panic. A heady, volatile and newsworthy combination to feed into the 24-hour cable news cycle.

How about some facts, instead of could-haves and might-haves? Wouldn’t that make a pleasant change?

As a reminder, here’s the one thing hackers and phishers know: They get more mileage by phishing, spoofing and social engineering (i.e. pretending to be someone, or something you trust; or simply conning you into willingly handing over secret information).

Which segues nicely into my planned DMARC post, which I’ll probably get to on Thursday now.


Comments

  1. IanCox1 says:

    Thanks for the timely reassurance.
