Our Response to the Heartbeat Security Flaw

April 08 2014

This is probably too geeky for most people, but for the sake of transparency I wanted to let you know what our status is with regard to the recently popularized "Heartbeat" security threat. "Heartbeat" is a flaw in OpenSSL, a protocol that manages the secure connections of the servers that run 2/3 of the websites in the world. Essentially it allows hackers to theoretically view 64KB of the current memory space (that's a lot of data). This is random, raw data, but it could contain secure information like passwords and private SSL keys.

Lots of servers had implemented other protocols that made them secure against the vulnerability. And other servers, like Gutensite, are theoretically vulnerable to the attack, but since each connection has its own resources the only user information an attacker could get was their own information, e.g. not other users' passwords.

As soon as news broke about the vulnerability, and a patch was issued, we immediately updated all our servers. You can check our servers with this tool and see they are secure.

This vulnerability has been present since 2012, and it would not surprise anyone to learn that the NSA engineered it themselves, given the stream of revelations regarding their misbehavior to undermine all sorts of public security protocols in the past decade. But it's not clear that it was known by hackers during any of this time.

Although we aren't a large target like Yahoo!, it is possible that Gutensite's private key for our SSL Certificate could have been compromised, although only a select group of operators, like the network operators, the NSA, or criminals with a few million dollars of equipment in the right locations, could use that information. But just to be safe we reissued the certificate after the patch was in place. Everything should be as secure as possible now.

We also implemented Forward Secrecy, which essentially generates a new key for every connection, which makes SSL far more secure than it was even before. If someone somehow steals your SSL key from one connection, it won't decrypt data from another connection.
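
One way to confirm that a server configuration offers only forward-secret cipher suites, as an added example that is not part of the original post and not Gutensite's actual configuration. The cipher string and the function names are assumptions chosen for illustration; the check relies on OpenSSL's suite naming, where ephemeral key exchange appears as an `ECDHE-` or `DHE-` prefix.

```python
import ssl

# OpenSSL names suites that use an ephemeral (EC)DH key exchange with these
# prefixes. Anonymous ADH-/AECDH- suites are deliberately not accepted here:
# they are ephemeral but unauthenticated.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")


def is_forward_secret(suite):
    """True if the suite derives session keys from an ephemeral exchange."""
    # TLS 1.3 removed static RSA and static DH key exchange entirely,
    # so every TLS 1.3 suite is forward secret.
    if suite.get("protocol") == "TLSv1.3":
        return True
    return suite["name"].startswith(EPHEMERAL_PREFIXES)


def non_forward_secret(ctx):
    """Names of enabled suites where a stolen server key decrypts old traffic."""
    return [s["name"] for s in ctx.get_ciphers() if not is_forward_secret(s)]


def hardened_server_context():
    """Server context limited to ECDHE suites (assumed cipher string)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Static-RSA suites such as AES128-GCM-SHA256 are left out on purpose.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


if __name__ == "__main__":
    # Audit the platform's default server-side context, then the hardened one.
    default_ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    print("default context, non-FS suites:", non_forward_secret(default_ctx))
    hardened = hardened_server_context()
    print("hardened context, non-FS suites:", non_forward_secret(hardened))
    for suite in hardened.get_ciphers():
        print(" ", suite["protocol"], suite["name"])
```

The audit covers what the context would offer; which suite a given client actually negotiates still depends on that client's own list.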

We recommend that clients who use SSL ask us to reissue their certificates as well, just to be safe. And it's a good idea to change your password (something you should do regularly anyway).
