Tag Archives: internet security

The Heartbleed Bug… Are You Vulnerable?

heartbleed logoThe Heartbleed Bug made international headlines when it was discovered that this security flaw could be exploited by hackers all over the world. Even though this OpenSSL vulnerability has a solution, there are still about 318,000 servers with Heartbleed in place.

The problem is that most people and businesses don’t know if they’re still vulnerable. If you’re unsure, check to see if you are vulnerable. It’s better to be safe than sorry, especially if you’re running a business with highly sensitive information on your systems.

Here’s how to tell if you’re exposed and what you can do about it.

What is the Heartbleed Bug?

OpenSSL is the primary encryption method used by websites on the Internet. The majority of websites have this form of security in place. The bug allows hackers to exploit Secure Sockets Layer (SSL). A hacker could read the system memory and uncover passwords and communications. In other words, they could bypass the main form of security used by the majority of the Internet’s users.

In a worst case scenario a company could have its customer’s information compromised; this could include personal details and financial data. For companies under the jurisdiction of a regulatory body, they could be found to have been negligent in their security arrangements. Such a ruling could lead to massive fines. In terms of the hassle, it isn’t worth it.

Act now to make sure you don’t fall victim to Heartbleed.

Are You Exposed?

Larger websites that have been exposed may already have their name on sites like Mashable and LastPass who took the liberty of listing the most prominent websites afflicted by the bug.

Kaspersky, a security firm, recommends using their free Heartbleed test.  People are also advised to visit www.heartbleed.com. This is a free information website filled with advanced data about the bug and its current status. It’s the best place to get the latest information on what’s going on.

What Should You Do?

Since it’s the OpenSSL that’s affected it doesn’t mean you have to spend long hours on maintenance. First of all, make sure your antivirus systems are completely updated. You don’t want to allow any further security leaks.

You should aim to change every password you have. The likes of Google have claimed they have already patched their services to make them safe, but there are no guarantees and Google won’t accept any liability either way.

Change your passwords to something more secure and this should be enough to protect you from any Heartbleed flaws. If you’re using any websites marked as vulnerable, take your data away from the site. This is especially true if you’re using an online cloud portal. An unpatched Heartbleed bug will make your data potentially visible to a third-party.