BioCeuticals Article

Heartbleed Security Bug - How to protect yourself

Date: 2014-04-13
Author: Ian Curtinsmith - CIO
Access: Public

An encryption flaw within OpenSSL called Heartbleed has recently been discovered and was made public on the 7th April 2014.
The flaw allows attackers to eavesdrop on communications with the potential to gain access to user names and passwords for online services.
This security vulnerability could possibly affect as much as 66% of the internet, making it most likely the biggest security threat the internet has ever seen to date.
FIT BioCeuticals has since undertaken security testing and has patched all our servers, firewalls, routers, proxies and websites.
While we have not detected any signs of suspicious account activity, we strongly encourage all customers to change their password on the BioCeuticals website.
It is important to note that credit card numbers are stored with Secure Pay, a business of Australia Post. FIT BioCeuticals only stores the last 4 digits of your credit card and its expiry date. No employee of FIT BioCeuticals or its subsidiaries or contractors will have access at any time to your full credit card details. Australia Post Secure Pay is a Tier 1 PCI DSS Compliant Payment Provider. For more information visit As such, in the unlikely event that your password was compromised as a result of the OpenSSL security flaw, your credit card details, if stored on your account, could not have been accessed.
Your password can be changed by logging into the website and navigating to "My Password" in the "My Account" menu.
If you have further questions, please do not hesitate to contact us.
For more information about this vulnerability, please visit:
* OpenSSL’s official advisory:
* The Heartbleed Bug:
FIT BioCeuticals also recommends that all our clients be vigilant during this period. You will no doubt receive emails from other companies asking you to change your password with them. When clicking on any link to change a password, always check the full URL or, better still, type the website address directly into your web browser so that you can be assured of the identity of the website where you are about to enter your password. By doing this you will protect yourself from those sending out bogus Heartbleed phishing emails.