A recently discovered flaw in certain versions of Open SSL, known as the “Heartbleed bug,†has recently caught the attention of most of the Inter-net. Essentially, this flaw meant that web traffic using HTTPS connections, which were previously assumed to be encrypted and safe, could be exploited to retrieve the data being transferred (including usernames and passwords, credit card numbers, and other sensitive data). Many news reports and security advisories have been issued about this flaw, so you may be wondering what the implications are for you.
As with any major security flaw or breach, hardware and software companies began working to disable or correct the flaw as soon it was discovered. To date, there has been only one confirmed case of a hacker exploiting the flaw to compromise information, but there is also no way to tell for certain whether hackers were aware of the exploit or were using it to access information prior to the flaw becoming public knowledge.
Many popular websites (such as Yahoo, Google, etc.) were affected by the vulnerability, and now that these services have been patched or updated, there have been many advisories urging users to change passwords. For our clients that host their own email server, or who have a website utilizing any kind of login feature, we strongly recommend checking with M&H Consulting to re-view whether those web services were vulnerable to this flaw, and whether or not that vulnerability still exists. As with any security threat, the most important ways to prevent being affected are to keep all systems and equipment up to date with the latest patches & updates, and to change passwords where appropriate.
For our regular maintenance (“Tech For a Dayâ€) clients, we are taking care of these issues during our prescheduled visits; however, we can also proactively update systems sooner, if there is a concern and our next scheduled visit isn’t for some time. While the real world impact of this particular threat has been minimal so far, it is very possible that hackers will develop more efficient ways to exploit out of date systems as time goes on.
Regarding passwords, we recommend that all of our clients use secure passwords that are rotated frequently (usually between one to four times per year, depending on the size of the office, the types of data handled, and other factors that might elevate or lower risk). We do recommend changing passwords, simply because that is always the best way to keep your information secure. A secure password is typically defined as having seven or more characters, including at least 1 upper and 1 lowercase letter, as well as 1 number and 1 symbol.
If you have questions about your current passwords or password policy, or your exposure as it relates to the Heartbleed vulnerability, please contact us at support@mhconsults.com and we can help you determine what should be changed or updated at this time.
Categorised in: antivirus, Computer Support, hacking, Security