Heartbleed Bug: What You Need To Know About this Critical Security Threat

On April 22nd, 2014, posted in: Security Threats by Comments Off on Heartbleed Bug: What You Need To Know About this Critical Security Threat

The internet has been buzzing about what many believe to be one of the biggest security threats the Internet has ever seen.

This particular vulnerability, called the Heartbleed bug, is an encryption flaw (not a virus) that has exposed a wide range of popular websites – including Godaddy, Dropbox, Yahoo and Netflix.

Heartbleed Bug - Milwaukee IT supportWhat IS the Heartbleed Bug and why is Everyone Worried about It?

As defined on the official Heartbleed website, “The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.

This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

In other words, the Heartbleed bug is a vulnerability that has made it possible for user information (such as credit card details, passwords and other sensitive information) to be remotely accessible by hackers – and the bug has gone undetected for the last two years.

It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google Inc. researcher who was working separately.

Should You Update Your Passwords?

As of today, April 22nd, 2014, many popular websites have taken action and updated their servers, but they still recommend you change your passwords as an added precaution.

However, if the site has NOT been patched yet, you should wait to update your password.

According to Dodi Glenn, director of security intelligence at ThreatTrack Security, “If the website is still vulnerable, changing the password will not accomplish anything. The hacker could potentially view your newly created password, too.”

CNET has put together a comprehensive list of the top 100 sites across the Web to see if the Heartbleed bug was patched so you can update your password on those sites that have confirmed the release of a patch for the vulnerability.

View the list of affected websites and find out which websites to change your password on now.
(This list will be continually updated)

If you are concerned about the security of your business website or you are wondering if the Heartbleed bug has affected your website, call Ontech Systems at (262) 522-8560 or send us a request online.

Want to Bulletproof Your Business
Network Against Hackers?
Sign Up for a No-Fee, 100% Free Network Discovery

To see if Ontech Systems is a good fit for your organization, take advantage of our FREE Network Discovery, where we will identify high risk vulnerabilities within the business and make recommendations to strengthen the security your network – from data backup, to firewalls, server security and more.

NO obligation. NO commitment. Put us to the test!
Just enter your name and email address below to get started!
 We respect your privacy. We will NEVER sell, rent or share your email address.
Read previous post:
Upgrade Windows Server 2003
Warning: Support for Windows XP, Office 2003, Exchange 2003 & Exchange Server 2003 Ends Soon

It’s almost here. The deadline is fast approaching. On April 8th, 2014 Microsoft will end their active support for Windows...