
AZ Tech Beat | March 23, 2019


Heartbleed bug: How to protect you and your company

Tishin Donkersley

If you haven’t already heard about the Heartbleed bug, it is a lapse in Internet security that has exposed millions of passwords, credit card numbers and other private information to theft. The breakdown has caused major corporations to work overtime to secure their servers and prevent any additional damage.

Let’s start with a shout out to the Finnish security firm Codenomicon, along with a Google Inc. researcher who found this SSL snafu.

This security hole has existed on a vast number of the Internet’s servers for more than two years, so whether you are an average user or a company, you and/or your company might be vulnerable.

The Heartbleed bug creates a vulnerability in encryption technology used by online sites such as Facebook, Amazon, banking institutions and many more. This vulnerability could allow someone to steal sensitive information from the site, such as passwords, usernames or account information. The bug is not a virus or an infection on your computer, so running a virus scan won’t help fix it; it is a defect in the server software that is exposing your information.

The problem for end users is that they won’t know if their information is secure until the software is “patched,” or fixed. Once the software is fixed, it is highly advisable to change your password. How will you know if the software is patched? Unfortunately, until the company reaches out to you or makes its patch publicly known, you might not know. In the meantime, Mashable has a list of companies and social networks that have been affected and/or fixed.

For the company or CEO who is wondering if they are affected, IT experts suggest the following:

* If you are running OpenSSL, you need to patch it with the update that came out this week, 1.0.1g, available at OpenSSL.org.

* If you are hosting websites on Linux servers or using the Apache web server on Windows servers, you may be at risk. Windows servers using the IIS web server are unaffected by the Heartbleed bug. According to TechNet blogger Ben Ari, “Windows comes with its own encryption component called Secure Channel (a.k.a. SChannel), which is not susceptible to the Heartbleed vulnerability.”

* If you are wondering if your site or server may be affected, visit the Heartbleed test site and plug in your site name: http://filippo.io/Heartbleed/
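For administrators who want to check a server directly, here is an added example (not part of the original article) that classifies the output of `openssl version -a` against the upstream releases affected by Heartbleed: 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1. The function name `heartbleed_status` and the sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify OpenSSL version output for Heartbleed exposure.
# Upstream releases affected: 1.0.1 through 1.0.1f, 1.0.2-beta, 1.0.2-beta1.
# Fixed in 1.0.1g; the 1.0.0 and 0.9.8 branches never had the heartbeat code.

# heartbleed_status "<output of: openssl version -a>"
# Prints one of: affected, heartbeat-disabled, not-affected, unknown
heartbleed_status() {
    info=$1
    # The first line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    ver=$(printf '%s\n' "$info" | awk '$1 == "OpenSSL" { print $2; exit }')
    # Anything that is not OpenSSL (or is unparseable) is reported as unknown.
    [ -n "$ver" ] || { echo unknown; return; }

    case $ver in
        1.0.1|1.0.1[a-f]|1.0.1[a-f]-*|1.0.2-beta|1.0.2-beta1)
            # Builds compiled with -DOPENSSL_NO_HEARTBEATS omit the heartbeat
            # extension, so the flaw is not reachable in them.
            case $info in
                *OPENSSL_NO_HEARTBEATS*) echo heartbeat-disabled ;;
                *) echo affected ;;
            esac
            ;;
        *) echo not-affected ;;
    esac
}

# Constructed sample inputs (not captured from real hosts).
# On a real server: heartbleed_status "$(openssl version -a)"
for sample in \
    "OpenSSL 1.0.1e 11 Feb 2013" \
    "OpenSSL 1.0.1g 7 Apr 2014" \
    "OpenSSL 0.9.8y 5 Feb 2013"
do
    printf '%-30s %s\n' "$sample" "$(heartbleed_status "$sample")"
done
```

A result of `affected` reflects the upstream version string only. Some Linux distributions shipped the fix without changing the version letter, so confirm against the vendor's package changelog before treating a host as unpatched.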


Read more about the Heartbleed bug:

http://online.wsj.com/news/articles/SB10001424052702304819004579489813056799076

http://www.engadget.com/2014/04/10/the-heartbleed-bug-is-affecting-routers-too/

http://www.sfgate.com/news/article/Heartbleed-online-security-bug-isn-t-easily-fixed-5390510.php

Contribution from the Associated Press