Posted on April 20, 2014
OpenSSL is a piece of software used by many web sites to provide secure web site access to users. It had a flaw which allowed anyone (who knew how) to read the server's memory. Everything passes through a server's memory, including server security data and personal data (like passwords and security questions).
Heartbleed is a major bug with its own website that you can go to for more information: Heartbleed Bug.
No, Leavins-Software.com was not affected by Heartbleed. As of this writing, Leavins-Software.com runs on a server using Debian Linux 6. Even though the current version of Debian is 7, version 6 is still supported. To make a long story short, the server was running an older, unaffected version of OpenSSL.
I take security very seriously, but it took me a while to realize the value of informing concerned parties that Heartbleed was a non-issue for Leavins Software. If something goes bad, what to do is obvious: tell people. But if something doesn't go bad, what should you do?
It dawned on me this morning that, if we're talking about a serious, well-known security flaw like Heartbleed, you should still tell people about it.