April 7th 2014 was a big day for the world, not only because Microsoft ended security support for Windows XP, but because a massive security flaw was found in the OpenSSL cryptographic library. This problem, called the Heartbleed bug, was found by Google Security, and it leaks information from any applications and services utilizing OpenSSL. The problem, however, is not that it was found; the problem is that over two-thirds of the entire Internet contains sites that utilise the OpenSSL/TLS protocol specification. It also doesn't help that this bug has been active since December of 2012.
April 7th 2014 was a big day for the world, not only because Microsoft ended security support for Windows XP, but because a massive security flaw was found in the OpenSSL cryptographic library. This problem, called the Heartbleed bug, was found by Google Security, and it leaks information from any applications and services utilizing OpenSSL. The problem, however, is not that it was found; the problem is that over two-thirds of the entire Internet contains sites that utilise the OpenSSL/TLS protocol specification. It also doesn't help that this bug has been active since December of 2012.
The bug is not the result of a design flaw, it's an implementation problem, or rather, a programming mistake. Normally bugs like this are eradicated before they cause too much damage, but in this case, it has been out of hand for far too long. Unfortunately, there isn't much that can be done about this bug other than wait for the websites to patch the problem. Most providers have been quick to remedy the problem. This bug leaves no traces at all, so if it has been exploited, you likely will not find out until some damage has already been done.
Some of the most utilised cloud service sites on the Internet may be affected, including Google, Facebook, Pinterest, Yahoo, Twitter, GoDaddy and many others. It is recommended that you change the passwords of any accounts you use periodically, especially if they utilise the OpenSSL cryptographic library. Your data might be exposed if you've accessed any of these websites over the past two years.
Alternatively, if you aren't sure that your favorite websites have been exploited by this bug, input the URL here and see if a patch has been issued.
Don't wait until you are the target of an attack. Change your passwords and consider setting up a two-step authentication to ensure that you are the only entity that can access your personal accounts.
If you require any support in securing your business against the Heartbleed virus, or if you'd like a security health check, we encourage you to contact our technical team at National Technologies Group for further information.
