Heartbleed and What It Means for You

Recently, a scary sounding security bug called “Heartbleed” dominated news concerning the Internet. Without getting too technical, Heartbleed is a serious vulnerability in the popular OpenSSL cryptographic software library.

So what exactly does this mean? Basically, the weakness may have allowed hackers to access information that was supposedly protected by SSL/TLS encryption. So, information that you assumed was secure and that you may have shared via web, email, and instant messaging may not have been secure at all.

This is a problem, since it has been estimated that more than 66 percent of the web uses OpenSSL. While an older version of OpenSSL was not affected, it still means a good chunk of the web has been vulnerable — and may have been vulnerable for the past two years. Your usernames and passwords, taxpayer identification numbers, and even private encryption keys could be plucked from vulnerable sites.

Unfortunately, there is little the average user can do about this. For the most part, you have to wait for Internet companies to update OpenSSL and reissue their security certificates.

So, what, if anything, can you do anything to protect yourself?

One immediate step you can take is to change your passwords for sites that were known to be vulnerable to Heartbleed attacks. For instance social networks such as Facebook, Instagram, Pinterest, and Tumblr were all tagged as being vulnerable to the bug. Google (Gmail), Yahoo, and Dropbox were tagged as well, as were popular media sites like Netflix and YouTube. Sites not vulnerable were Amazon and LinkedIn.

Be aware that changing your passwords does not guarantee that your information hasn’t already been compromised. Many companies have advised their customers to change their passwords as a precautionary measure. You can go to Norton to check if a site you use is vulnerable to a Heartbleed attack or if it has been patched.

Sites like Netcraft have released extensions for Chrome, Firefox, and Opera that allegedly detect susceptible sites and flag them in your browser.

Be aware that it is important for you to know whether the site in question has patched against the bug before changing your password. Changing a password before the bug is fully patched won’t make things any better. If a site has not patched against the bug, it is best to stay off of it until it has.

SLS keeps track of these and other threats to assure that you are aware of internet vulnerabilities that may affect your business. Call us at (323) 254-1510 or contact us online if you want to know more about your internet needs.