Thoughts on Heartbleed Bug

Headlines have been filled over the last few days with stories of the Heartbleed bug. Heartbleed is perhaps the largest vulnerability on the internet to date, and remarkably this security lapse has gone undetected for years.

As we use the internet from day to day, SSL (Secure Sockets Layer) is the security protocol that encrypts our data when banking, shopping, or browsing online. OpenSSL is the most common implementation of SSL and covers over two-thirds of internet sites. Heartbleed, a flaw in OpenSSL, allows an attacker to read chunks of memory on a server, which can contain confidential information such as passwords, customer information, and cookies. Attackers may also recover keys to the server and eavesdrop on past, present and future communications. A scary thought given our affinity for all things digital these days.

You may have already received emails from online businesses and websites addressing the Heartbleed bug. Some sites may be unaffected, and some may recommend changing your password. We recommend being proactive and changing your password even before your providers contact you. (Keep in mind, if your providers have not applied the patch for Heartbleed, your information remains compromised.) The following is a link to an article on Mashable.com that compiles a list of popular sites, their security status, and passwords that should be changed right away.

The Heartbleed Hit List

Internet security is an important topic and one we have written about in the past. The following is the link to an older post that is still relevant today.

Posted by Jay Healy at 2:04 PM