By Ideal Integrations, Outsourced CIO, TEQ magazine
The Heartbleed Bug is certainly causing some security concerns in the technology world this week. We want to give you a few thoughts on what to do about the Heartbleed bug.
What The Heartbleed Bug Is:
The Heartbleed bug is a vulnerability in the OpenSSL cryptographic library that allows stealing of information normally protected by the SSL/TLS encryption used to secure the Internet. OpenSSL is open-source software that is widely used to encrypt web communications. SSL/TLS is what normally provides secure and private communication over the Internet via websites, email, IM, and VPNs. According to CNET, an attacker can exploit Heartbleed to essentially “get copies of a server’s digital keys then use that to impersonate servers or to decrypt communications from the past or potentially the future, too.” Heartbleed is being taken so seriously because OpenSSL is widely used.
What Steps Your Organization Should Take:
Numerous technology providers have already provided a signature to prevent the bug, so check your environment to verify it is active and current on all subscriptions. We also highly recommend you take steps to fix the issue by changing your certifications and resetting passwords to ensure you are protected.
Once all components of your infrastructure have been patched, we strongly suggest that you reset the passwords associated with those accounts. All of these steps together will help to protect your environment from any threats from the Heartbleed bug.
What Steps You Personally Should Take:
We suggest that you also protect yourself personally as over half of all websites are potentially susceptible to this problem. Be on the lookout for spammers trying to take advantage of this situation and luring you to fake password reset websites. Always go directly to the website in question and change your password there.
Click here for another great article on the matter of changing passwords and protection.
Should you need any further assistance or have additional concerns, please don’t hesitate to reach out to our team at email@example.com.