Heartbleed: What it means? What you should do?


safe_imageAs you probably all know there is a major flaw out in the wild called Heartbleed.  It’s been all over the news.  So what is heartbleed one might ask?  It’s a flaw in the security framework called open ssl.  The name comes from a technical term related to the programming framework.  The flaw has been discovered to have been open since 2012 when the newest version of the Open SSL technology was released.  Normally this wouldn’t be such a big issue, but this underlying technology is used everywhere in today’s world to keep communications related to the web secure.  The flaw allows an attacker to get into a server and retrieve critical information that would allow them to easily get to your passwords and eventually personal data on the server.  It would also allow an attacker to monitor communications and grab anything newer on a server that hasn’t been patched for the flaw.  The biggest problem is normally an attacker leaves some type of trace on a server that something has happened no matter how insignificant, but with this flaw in how it works there is no trace left whatsoever.  You therefore have to assume things are compromised.  Now what is one to do about this flaw.  Unfortunately you are at the hands of the site, provider, company, or whoever holds your information to update their server to fix this flaw.  The biggest recommendation is to change all your passwords especially if you use common passwords between sites or even common ways of generating passwords for sites.  We recommend not doing this though until the site(s) are patched because if they aren’t patched yet you’ll just have to do this again after they are.  Also if any of your sites contain financial information it is strongly recommend to keep an eye on your accounts for fraudulent activity and/or at the very least run a credit report every so often.  While it isn’t the end of the world, as most companies at this point are working towards or have patched this flaw, it is something to take seriously.  In order to find out if a site or service has been patched enter the name of the site into this website. https://filippo.io/Heartbleed/ It checks the underlying technology to see if this flaw applies or if it does if it has been patched.

Stay Safe.