What Happened in Internet Security this Week, Our Response, and What You Should Do


ReadyForZero joined nearly every major website and service provider this week in responding to the vulnerability discovered on April 7th known as Heartbleed. In short, this vulnerability opened up the possibility of a technical attacker being able to view encrypted traffic to an affected website, which could include your username and password or other sensitive information. If you’re interested in more of the technical details, see the last section of this post.

Our response

When we understood that our hosting provider, one of the largest in the world, was affected by the vulnerability, we immediately moved our main site onto servers that weren’t vulnerable and generated new encryption keys. We also completely disabled billpay and credit report features since these transmit especially sensitive information, such as credit card numbers or social security numbers. Until we were able to understand exactly how we were affected, we decided this was the safest response. Once we applied the fix to all parts of our site, we restored full service. This happened within 24 hours of when the vulnerability was made public.

What you should do

There’s no evidence that suggests that any of our users were affected as a result of this, but the nature of the vulnerability is such that we’ll continue to watch for anything suspicious. In the meantime, we strongly recommend that our users change their passwords, not only on our site, but on other sites with important data – such as your bank or your email account.[1]

Change your ReadyForZero password now

More details

The vulnerability affected the mechanism that websites use to secure communications between your browser and the website’s servers. You’ve probably seen a little lock or green box on your browser – it looks like this on our site:

ReadyForZero

This means that communications are encrypted between you and the website. This is like sending a locked letter through the mail instead of a postcard: no one can read it unless they have the key. Heartbleed allowed anyone with technical know-how to get the master key and open up the locked letters to and from any site. As mentioned above, part of our response was to generate new keys. If you click the lock in your browser, you can see that they are dated this week:

ReadyForZero
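
The same date check can be scripted instead of clicking the lock. This is an added example, not ReadyForZero's code: the disclosure year (2014; the post gives only the day), the function names and the two sample certificate dictionaries are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: the post says "April 7th" without a year; Heartbleed was disclosed in 2014.
DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the validated leaf certificate as the dict returned by getpeercert()."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _utc(cert_time):
    """Convert a time string such as 'Apr  9 00:00:00 2014 GMT' to an aware datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def assess(cert, disclosed=DISCLOSED, now=None):
    """Classify a certificate relative to the disclosure date."""
    now = now or datetime.now(timezone.utc)
    issued, expires = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    if expires < now:
        status = "expired"
    elif issued < disclosed:
        status = "predates-disclosure"  # certificate was already in use before the fix
    else:
        status = "reissued"
    return {"status": status, "issued": issued.date().isoformat(),
            "serial": cert.get("serialNumber")}


# Constructed sample data in getpeercert() format (not real certificates).
OLD = {"notBefore": "Mar  1 00:00:00 2013 GMT",
       "notAfter": "Mar  1 00:00:00 2015 GMT", "serialNumber": "0A"}
NEW = {"notBefore": "Apr  9 00:00:00 2014 GMT",
       "notAfter": "Apr  9 00:00:00 2016 GMT", "serialNumber": "0B"}

if __name__ == "__main__":
    import sys
    when = datetime(2014, 4, 11, tzinfo=timezone.utc)  # constructed "today"
    print(assess(OLD, now=when))
    print(assess(NEW, now=when))
    for host in sys.argv[1:]:  # optional live check: python check.py example.org
        print(host, assess(fetch_cert(host)))
```

A date after the disclosure shows only that the certificate was reissued. It does not by itself prove that a new private key was generated or that the old certificate was revoked.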

If you have any questions, feel free to email us at help@readyforzero.com and ask.


[1] Your email account is important since it can be used to reset your password on other services. If you’re looking for more security there, you can enable “2 factor authentication”, which means you need to respond to a text message on your phone before you can access your email from a new computer. It’s not that painful; we do it. Here are the instructions if you use Gmail: https://support.google.com/accounts/answer/180744?hl=en

Image Source: heartbleed.com


  • Josh

    So we should reset all passwords for any banking accounts linked to ready for zero? Even if they said they weren’t vulnerable, ready for zero may have made that info vulnerable during transmission? Let me know if I’m understanding this right, please.

    • Ignacio (cto)

      Hi Josh – backend data transmission between us and your bank was not affected by the bug.

      The vulnerability did open up the possibility of a technical attacker being able to view traffic between you and us, and the only time this would have impacted your linked accounts is at the moment of linking an account.

      Again, we have no evidence of suspicious activity at all on anyone’s account, but as mentioned above, we’ll continue to be on alert for it. In the meantime, we suggest changing your passwords as a precaution, especially if those accounts were associated with email providers like Gmail, Yahoo or connected to other services like Intuit or Mint, which were all also affected.

      Your trust is the most important thing we have.

      If you have more questions, you can email me at help@readyforzero.com; I’ll be personally responding to emails there.