Heartbleed is a term that caught our attention right away. It sounds serious. It sounds dangerous. Turns out, it’s both.
Heartbleed is essentially leaky (hence the name) website encryption. Have you ever noticed that some sites you visit (like Google, for example) start with “http” while other sites, like hopefully your bank’s login page, start with “https”? The difference of that “s” is supposed to be security. When a site starts with “https”, that site is using encryption in order to protect information that you communicate on that website.
OpenSSL is one option for organizations who want to provide sites that offer secure encryption. But, unfortunately for OpenSSL, the software was running with a bug for two entire years that made data it presumed was secure actually unsecure.
Medium-security sites such as Facebook, Google, Twitter, Yahoo! and others were impacted by this leak. You can see a complete list of affected sites that you might use here. The good news is that the places where you are most hoping for security – such as banks’ websites – typically use a stronger form of data encryption than OpenSSL, so you should be fine there.
Something to consider is that if your password to one of the sites such as Facebook, etc. was able to be accessed and you’re using that same password for other sites such as your bank, you’ll want to make sure that you change your passwords.
Let’s end on a positive note, shall we? Fortunately, Heartbleed was found before any known attacks took place. Software developers immediately worked to fix the problem.
If you’re concerned about the impacts of your firm due to Heartbleed, call Rekall and we’ll assess your situation and explore security options with you.