Tips on how to deal with the Heartbleed bug



Have you used a password on the internet in the last 2 years? Yep, the 'Heartbleed' bug has been out there for that long. You can read the really geeky information here: http://heartbleed.com/ and I am not even going to try and simplify what the vulnerability is, except to say that all data that was sent using OpenSSL (a type of security communication method) could have been 'listened to' by hackers.

The reality is that most of us don't send much that is really national-security type of information, BUT your passwords could be at risk. LastPass.com reports that 73% of people use the same password on multiple sites. Since this Heartbleed bug is so widespread, it is possible that the password you used at one website that was attacked is the same password you use on another site, and since most sites use your email address as the username, you could now be compromised.

What should I do about the Heartbleed Bug?

You should change your password on most sites. BUT there is a problem. If the service has not yet updated their server, they could still be at risk even after you change your password. So first, check if the site has published any information about their use (or not) of OpenSSL. If you are not sure, a service like this will check for you: https://lastpass.com/heartbleed/

WHAT!!??  MOST SITES!!

Yep. I wrote a post over on my other website about managing passwords and making them tough. The tools there are perfect for making better passwords, and remembering them.

Why is it called 'Heartbleed'?

The part of the code that is the cause of all the problems is called the 'heartbeat'. While I am not an expert and don't know, I presume it is used to keep a session alive or active. There is something wrong with the way this function works that is causing the problem. Since it is the heartbeat, the bug has been called 'heartbleed', as it bleeds the information.

Is my Company Website at risk?

At this stage you need to check with your individual hosting company. If you are with us, we use Adobe's Business Catalyst to host and manage your website. I have a support ticket with Adobe to confirm they have updated their servers, and I will contact you via email if you need to take any action.

Other simple explanations of the Heartbleed bug:

ABC News:
http://www.abc.net.au/news/2014-04-10/heartbleed-bug-password-reset-data-openssl/5379604

Thursday, April 10, 2014