Online adult business owners and webmasters face an array of challenges in the current market, everything from competition to piracy, but most recently the Web experienced a world-wide shock with the Heartbleed Bug. This serious OpenSSL vulnerability allowed hackers to steal protected information through a weakness in SSL/TLS encryption and exposed personal, financial and other important and private information. And it affected websites of all sizes and categories, everything from Yahoo to RollingStone.com, sending users around the globe scrambling to change their passwords. The list of affected sites is pages long, and websites including heartbleed.com have provided an easy search bar that allows users to type in any website to test for vulnerability.
The Heartbleed Bug has rocked the Internet, as OpenSSL is the backbone of an incredible number of programs and services that allow SSL or TLS based protocols, as well as almost 60 percent or more of websites that offer HTTPS connections. And in the adult industry, user data protection is key not only for credit card and payment processing but also for discretion and privacy of site members. And the Heartbleed flaw exposed both valuable members’ information, but also that of our very own networks – and if you haven’t already, adopting Fixed SSL and alerting users should be your No. 1 priority.
The bright side of this Heartbleed “disaster” is that we all have the opportunity up give our security strength a serious upgrade.
If your site(s) have been confirmed vulnerable, alert all members immediately. Possible exploitation or attacks are untraceable, which means there’s no way to know 100 percent if your users’ information was leaked. This means it’s up to you to patch this security threat, and until you do – and can confirm to your user base – there’s a serious risk of revenue loss. Trust is key, and without fast and straight-forward communication, trust will be lost.
Recommend that users check every website they commonly use (adult or otherwise) to test for Heartbleed vulnerability and edit their passwords as needed. There’s a chance that every user has been affected by Heartbleed either directly or indirectly. To test your site for the Heartbleed vulnerability, visit http://www.redapplemedia.com/go/heartbleed.
The bright side of this Heartbleed “disaster” is that we all have the opportunity up give our security strength a serious upgrade. Our personal data may have been exposed, but so has the infrastructure of these cyber criminals’ hacking methods. And fortunately there are tools that website owners can use to test their own systems for privacy weaknesses, including Heartbleed, as well as services that help beef up site-wide security.
The new SafeGuard feature by Codenomicon Defensics can detect and reveal all kinds of vulnerabilities and bugs, including Heartbleed, and is automated to make the process as fluid as possible. Be sure to replace any vulnerable SSL certificates and cryptographic protocols with those that have been patched to protect from these kinds of vulnerabilities. Considerations like keeping up to date on virus protection and definitions is crucial, as well: threats to your website are dynamic and ever-changing, so it’s absolutely critical that your protection is updated consistently and evolves to deal with threats that morph on a daily basis.
A good managed hosting package and a close relationship with your hosting provider also will go a long way toward optimizing your security. Many companies simply aren’t staffed with IT professionals who can handle the broad range of tasks and techniques that are required to provide solid security in-house, so it’s common sense to work with a host that has the expertise, man power, and service packages that include essentials like robust firewalls, software that detects and prevents unauthorized server access, traffic tracking to detect sudden bandwidth spikes, intrusion attempts, and other indicators of malicious use of your sites. Security can be a daunting subject for business owners, especially those who lack technical background of their own. But these security protection challenges can’t be ignored – they must be faced head on and handled in a proactive and timely fashion. Whether you address these needs with in-house hires or outsource them to capable third parties, the important thing is to act decisively and urgently to lock down your network and its content as effectively as possible. The alternative is to leave your online business at the mercy of a global network that’s teeming with pirates, hackers, scammers and thieves – none of whom have a particularly strong reputation of being merciful.
Steven Daris is CEO and co-founder of Red Apple Media (RedAppleMedia.com), a managed hosting, ecommerce and video streaming solutions provider.