
Heartbleed: Everything You Need to Know


According to a recent article on Mashable, two months after the Heartbleed threat there are more than 300,000 web servers still vulnerable. So in case you've missed the information on this security threat, we've broken down what it is and what you can do to fix it if you are affected.

What is Heartbleed?

By now, you've probably heard of the Heartbleed bug, but what exactly is Heartbleed... and more importantly, what can you do to protect yourself?

Heartbleed is a vulnerability in OpenSSL, which is like a protective layer that surrounds all your sensitive data across the internet: passwords, user IDs, and other content. Heartbleed doesn't affect all of the internet (because not all of the internet uses OpenSSL), but it affects a huge portion, around 20%.

Without that protective layer, any sensitive data you send to a site affected by Heartbleed is easily accessible to anyone who wants it.

What can I do?

Initially, not much. Each affected site has to patch the vulnerability itself - so even if you changed your password before the site was patched, it wouldn't do any good.

Most sites have made the necessary patches, though, so changing your password is the next step, and one we recommend wasting no time in doing. You can find a list of affected sites here. That list is constantly updated, and will tell you whether a site was affected, whether they've issued a patch, and whether or not you need to change your password.

Fortunately, Microsoft was not affected by Heartbleed, so if your office employs Microsoft products, you're in the clear. However, every employee should be made aware of the bug and its potential. Make sure that all employees have a link to the list of affected sites, and encourage them to change their passwords for each and every affected site - even if the sites are only for personal use.

That includes email apps like Gmail and Yahoo! Mail and social networks like Twitter and Facebook.

When you do change your password, there are a couple of things you should keep in mind. First, use a unique password for each site. Make it long, preferably three unrelated words strung together in a single phrase. Most importantly, never use common passwords like 12345 or password.

Even better, leave the passwords to a dedicated password app like LastPass. LastPass will automatically generate unique passwords for you, then automatically log you into any site you've saved in the master database. To learn more about LastPass, head over to this post.

Heartbleed affects everyone on the internet in much the same way, so small businesses are affected no more and no less than individual internet users. That said, we recommend disseminating this information to everyone in your office. If each employee takes steps to protect himself or herself, your office will be protected.

If you want more detail on Heartbleed, here are three excellent articles that go much deeper:

Why Heartbleed is the Ultimate Web Nightmare (Mashable)

What the 'Heartbleed' Security Bug Means for You (Lifehacker)

Heartbleed: Why the Internet's Gaping Security Hole is so Scary (Gizmodo)

We would like to point out that Microsoft, Google, and Facebook have teamed up to fund a project designed to prevent another catastrophe like Heartbleed.

As always, we're here to answer any questions, so don't hesitate to get in touch.

 
