The Heartbleed Bug: Check Your SSL Certificates

News of the Heartbleed bug has made the rounds throughout mainstream media and it would appear that the internet is coming to an end; fortunately, it’s not that bad. But Heartbleed is an insidious bug, albeit one focused only on a certain aspect of your website, and here’s what you need to know to make sure your site’s encrypted transactions are safe.

  1. Do you have an SSL certificate at your site? If you know the answer is no, then you can stop here. You’re fine.
    Not sure? Do you process credit card numbers via a payment gateway like or PayPal pro? Then the answer is yes. If you still aren’t certain, head over to this tool, punch in your URL, and check.
  2. If you have an SSL certificate, you need to contact your SSL provider ASAP to see if they’ve tested for vulnerabilities. Only the worst of providers haven’t done that already and most have already reached out to users with status updates.
  3. If you don’t process transactions directly and instead rely on a box office provider to do that for you at their hosted site (most do these days), you still need to be in touch with them ASAP to make sure they’ve tested their SSL configuration and know if there are/were any vulnerabilities. After all, these are still your patrons and they’ll (rightly) blame you if their payment data was compromised.
  4. An additional point of contact for an SSL certificate is a secure email client, so if you process email via a different server than your website and it uses an SSL certificate, you’ll need to check that connection as well via the respective provider.
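For steps 1, 2 and 4, the following added example (not from the original post) lists which of your services serve an SSL certificate and names the issuer, which is the provider to contact. The port numbers, function names and sample certificate are assumptions made for illustration. It inventories certificates only and does not test for Heartbleed itself.

```python
import socket
import ssl
import sys

# Assumed ports: 443 for the website, 993 and 465 for IMAP and SMTP over TLS.
DEFAULT_PORTS = {"website": 443, "imap": 993, "smtp": 465}

# Constructed sample in the shape ssl.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "tickets.example.org"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notAfter": "Jun  1 12:00:00 2015 GMT",
}

def _field(rdns, key):
    # subject and issuer are tuples of RDNs, each a tuple of (name, value) pairs
    for rdn in rdns:
        for name, value in rdn:
            if name == key:
                return value
    return None

def describe_cert(cert):
    """Summarise a certificate dict; the issuer is the SSL provider to contact."""
    issuer = cert.get("issuer", ())
    return {
        "common_name": _field(cert.get("subject", ()), "commonName"),
        "issuer": _field(issuer, "organizationName") or _field(issuer, "commonName"),
        "expires": cert.get("notAfter"),
    }

def fetch_cert(host, port, timeout=5.0):
    """Return the summary for host:port, or None if nothing answers or TLS fails."""
    context = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with context.wrap_socket(sock, server_hostname=host) as tls:
                return describe_cert(tls.getpeercert())
    except OSError:  # covers refused connections, timeouts and ssl.SSLError
        return None

def inventory(host, ports=DEFAULT_PORTS):
    """Map each service name to its certificate summary (None = none served)."""
    return {name: fetch_cert(host, port) for name, port in ports.items()}

if __name__ == "__main__":
    # With no argument, describe the constructed sample instead of going online.
    print(inventory(sys.argv[1]) if len(sys.argv) > 1 else describe_cert(SAMPLE_CERT))
```

A `None` result also covers a certificate that fails validation (expired, self-signed or issued for another name), so follow up on those endpoints with the provider rather than assuming no certificate is in use.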

If you have a good provider, this whole scare has probably blown right past you. I’m thrilled to say that my hosting partner (who also handles installing and maintaining SSL certs) for The Venture Platform is not only good, they are great; as a result, all of our users with SSL certificates had zero vulnerability issues.

Granted, we still spent most of yesterday double and triple checking any potential weak points but when it was all said and done, we were shipshape (knock on wood).

If you think your data may have been compromised by a website or email server with a compromised SSL certificate, you should update your passwords ASAP, which is a good habit to get into anyway. Here’s a good resource for creating a strong password and guidelines on how often you should update them.

About Drew McManus

"I hear that every time you show up to work with an orchestra, people get fired." Those were the first words out of an executive's mouth after her board chair introduced us. That executive is now a dear colleague and friend but the day that consulting contract began with her orchestra, she was convinced I was a hatchet-man brought in by the board to clean house.

I understand where the trepidation comes from as a great deal of my consulting and technology provider work for arts organizations involves due diligence, separating fact from fiction, interpreting spin, as well as performance review and oversight. So yes, sometimes that work results in one or two individuals "aggressively embracing career change" but far more often than not, it reinforces and clarifies exactly what works and why.

In short, it doesn't matter if you know where all the bodies are buried if you can't keep your own clients out of the ground, and I'm fortunate enough to say that for more than 15 years, I've done exactly that for groups of all budget size from Qatar to Kathmandu.

For fun, I write a daily blog about the orchestra business, provide a platform for arts insiders to speak their mind, keep track of what people in this business get paid, help write a satirical cartoon about orchestra life, hack the arts, and love a good coffee drink.
