Most people have probably heard about the heartbleed bug and the disastrous effect it can have on the use and stability of the internet. Some have gone as far as to insinuate that it is the end of the internet as we know it. But I wouldn’t go that far. True it is a serious flaw in a protocol that is used by many to secure website, cloud systems, hosting and even hardware such as firewalls and web routers.
Initial advice was to change your passwords as soon as possible, soon recanted. Now the advice is to keep an eye on any website you use to see if:
- they have been affected,
- they have fixed it.
ONLY change your passwords if you know the flaw has been fixed.
It has affected reputable firms such as CISCO, RedHat, Watch Guard and Juniper who sell network and security based products, such as firewalls and routers that are used by many businesses to connect to the internet. Smaller or less known products may also have used the OpenSSL protocol so you do need to check.
Social media sites have also been compromised Facebook, Pinterest etc…. Follow the link below to see a list.
The heart bleed hit list by Mashable http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
The key thing to do I would suggest is to contact your supplier if you use cloud or hosting services and gain written assurances even if over email whether they are affected and if so when you can expect a fix. The good ones will already have a response and a fix time.
If you have your own systems and websites that restrict access and/or hold data you need to check with your tech people your exposure and whether they have used the OpenSSL protocol to secure any part of it.
Thanks to all the media attention the risk of exposure has actually increased, hackers that weren’t aware now are. Will they pick on you with so many possible targets on the internet?
Who knows? Do you want to find out before you do anything?
If you have any queries please email firstname.lastname@example.org and I will answer any email queries.