We are doomed.
P.S. Happy Monday!
In all seriousness, this made for a pretty bad day for sysadmins, as everyone running the 1.0.1 branches of OpenSSL had to upgrade every server, and then the hard part begins… It’s time to reissue our SSL certificates. And then change passwords (all passwords) that touch SSL. And then invalidate all your session keys and cookies…
Guess what? That’s your job, Store Owner. There’s no way to tell if your server was compromised. There’s no way to tell if data was sniped. And just upgrading isn’t enough. There’s more to do, and this is not the post to talk about it. This is to talk about running a store.
Take a deep breath. This is a big thing. This is probably the hardest part about a store, the security stuff. It’s confusing to people who do it for a living, and most of us are just dabblers. So when you get a big scare like this Heartbleed, and look at how big it is, you realize how much you really are doing something serious and not just a fun store game where you magically make money.
If you’ve read patching Heartbleed from Sucuri and you’re still confused, hire someone to be a security expert if you don’t know what it all means, and think of it like having a security guard. You don’t want people stealing things, and data (if Target isn’t a good enough example) is a big thing to steal these days. Your store, even if you’re only selling four books like me, is a small target, but it’s important to remember that trust is what continues sales.
We don’t go to stores that make us uncomfortable. We don’t go to stores that we don’t agree with ethically. We don’t go to stores where we don’t feel safe. If people don’t feel safe, they won’t shop here. And yes, I did all that work with my SSL and certs here on the 7th and 8th, including the passwords. You’re safe to shop.
But I can understand if you’re leery. Now we’re stuck wondering who to trust, and I can’t tell you that. You have to decide on your own.