
Most of you must have heard about the Heartbleed bug by now. If not, you definitely must read this article. Many experts have rated the Heartbleed bug 11 out of 10 on the security breach scale.
To first understand what Heartbleed is, you can check out this article on Wikipedia or this dedicated, although more technical website.
More importantly, we are writing this article to assure you that HVAC-Connect.com is in no way affected by this bug. Here’s why:
1. We don’t use the OpenSSL protocol. OpenSSL is used on secure websites – their address starts with https. Because our site neither uses nor keeps any sensitive information, we use the standard http protocol.
2. Does that mean your site isn’t secure? We use a lot of advanced tools to protect our website from possible attacks. That being said, the only information we have on you is your name, email address, encrypted password and your company listing information, which is public anyway. In other words, a hacker would be very disappointed if he managed to breach our security! The worst he could achieve would be taking down our site or modifying your company listing. In both cases, we could fix everything very quickly and easily by restoring one of our regular backups.
3. What about payments? If we were using or storing your credit card information, we would use the OpenSSL protocol… and this article would be a different story. But we redirect all our users to PayPal’s secure website for payments. PayPal uses the secure OpenSSL protocol to process your transaction, then only lets us know if your transaction was successful or not. We do not handle any bank or credit card information directly.
4. If PayPal uses OpenSSL, then THEY can be affected by Heartbleed! This article on Mashable lists all major websites, whether they were affected and patched, and whether you should change your password on these sites. As per this article and many others out there, PayPal is not affected by Heartbleed. Here’s also PayPal’s Press Release in the PayPal Community.
5. But I see Facebook, Twitter and Google on that list. I use one of these to connect to your site! Don’t panic, all we’ve got is the authorization to read your public profile and posts. When you log in with Twitter, Facebook or Google (or even LinkedIn, which isn’t affected), we only receive confirmation that you’re really who you say you are. We can in no way access your private information, modify your profile or post something for you; we don’t have the access rights.
So you have nothing to fear on our side. That being said, if you do have a Twitter, Facebook or Google+ account, or any account on that list, we highly recommend changing your passwords now. But rest assured that your account on HVAC-Connect.com is safe.
We hope you found this article useful and now feel reassured about your HVAC-Connect.com account. Please don’t hesitate to share with your friends and colleagues.