Heartbleed Bug

What You Need To Know About this Critical Security Threat

The internet has been buzzing about what many believe to be one of the biggest security threats the Internet has ever seen.

This particular vulnerability, called the Heartbleed bug, is an encryption flaw (not a virus) that has exposed a wide range of popular websites – including GoDaddy, Dropbox, Yahoo and Netflix.

As defined on the official Heartbleed website, “The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.”

This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

In other words, the Heartbleed bug is a vulnerability that has made it possible for user information (such as credit card details, passwords and other sensitive information) to be remotely accessible by hackers – and the bug has gone undetected for the last two years.

It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google Inc. researcher who was working separately.

Should You Update Your Passwords?

Many popular websites have taken action and updated their servers, but they still recommend you change your passwords as an added precaution.

However, if the site has NOT been patched yet, you should wait to update your password.

According to Dodi Glenn, director of security intelligence at ThreatTrack Security, “If the website is still vulnerable, changing the password will not accomplish anything. The hacker could potentially view your newly created password, too.”

CNET has put together a comprehensive list of the top 100 sites across the Web to see if the Heartbleed bug was patched so you can update your password on those sites that have confirmed the release of a patch for the vulnerability.

View the list of affected websites and find out which websites to change your password on now. (This list will be continually updated)

If you are concerned about cyber security threats and challenges your business might be faced with or you are wondering if the Heartbleed bug has affected your website, call Ontech Systems at (262) 522-8560 or send us a request online.