Many of you may have heard about the Heartbleed vulnerability and been advised to immediately change all of your passwords. This advice is not always necessary with regard to Heartbleed, but it is good practice to change your passwords on a regular basis. Here is a brief description of what Heartbleed is, what it affected, and what you should do about it.
What is Heartbleed?
Heartbleed was a bug in OpenSSL. OpenSSL, which stands for Secure Software Layer, is an open security standard which allows developers to keep data secure. It is commonly used on websites with shopping carts or other information that needs to remain secure. Back in 2011, a new version of the software was introduced. Recently it was discovered that, under some circumstances, Internet attackers could steal data from the memory of a server. This data could be passwords or encryption keys, which could then be used to break into users’ accounts. It could also let malicious sites mimic real ones and collect sensitive information, like usernames and passwords.
What sites have been affected?
According to the Internet research firm Netcraft, the bug has been fairly prolific, affecting an estimated 500,000 websites. According to CNET news, this is the status of the largest Internet sites:
Heartbleed Vulnerability patched (fixed):
Google, Facebook, YouTube, Yahoo, Wikipedia, Bing, Pinterest, and Blogspot.
Sites not affected:
LinkedIn, eBay, Live, PayPal, CNN and Twitter.
CNET is also continuously updating a list as they get responses. Please click here to access their list of fixed and vulnerable sites.
What action should you take?
If you have a website that maintains secure information, you should check with your developer to see whether your website has been affected and, if so, have the bug repaired. If your website has been compromised, you may want to notify your users after you have repaired the vulnerability so that they can change their passwords as a security precaution.
You should also review the lists above and update your passwords for the affected sites after the bug has been fixed.
As a general practice, you may want to consider updating your passwords on a regular basis to avoid this vulnerability as well as others that may arise in the future. Feel free to call Everbearing if you have any concerns or questions about this issue.