Many of our clients have been asking us for clarification on what Heartbleed is and how it affects them and their business.
What is Heartbleed?
Heartbleed is not a virus. It is a hole in the security mechanism used for secure communication across the Internet. Although not every website on the Internet is impacted, the vulnerability does affect certain versions of secure web pages.
To illustrate, secured web pages that require a user to enter sensitive data to process (such as a credit card number) are most vulnerable. You can identify a secured web page by looking for either a lock icon or https in the address bar. Unfortunately, the hole provides a way for hackers to access sensitive data and it has already existed for two years.
What Can I Do?
As an end user, there really is nothing you can do. We must rely on the vendors and web admins to update their products and patch the vulnerability timely. A patch was released the day Heartbleed was announced. And on the upside, no sign is evident that hackers exploited it.
As a business owner, you should check in with your vendors to ensure their web admins have applied the patch. You can also contact your IT service provider for help. We have been working with our vendors to determine what might be affected and where we need to apply the patch.
Do I Need To Change All My Passwords?
Firstly, you only need to change your password on websites that were vulnerable, or websites you used the same credentials as a vulnerable site.
Secondly, you should not change your password until you are sure the patch update has been applied. If you change your password before a fix, you may be handing your new info right over to a hacker.
Check out Mashable’s Heartbleed Hitlist article to see which websites were impacted. For more obscure sites, you can use LastPass Heartbleed Checker.
Best Practices Going Forward
As an end user, you didn’t have a lot of prevention or control in this situation. Even though changing your passwords frequently wouldn’t have assisted you in this particular instance, it is still a good idea. Varying passwords from site to site is a best practice, which may save you time should a similar vulnerability emerge again. You may consider using RoboForm or LastPass to help you manage your passwords.
Our goal for this blog is to answer the questions you ask. If you have any questions about Heartbleed or any other topic please email me at [email protected]. To learn more about IT subscribe to our blog.
