For information on how SymQuest can help you manage and plan for security threats like the Heartbleed bug, contact us today.
On Monday, April 7th, 2014, news of a serious vulnerability in the popular OpenSSL encryption library was announced. Now referred to as "Heartbleed," the vulnerability is one of the most widespread and hardest-to-detect bugs on the Internet so far.
The Heartbleed bug is a vulnerability in the Internet-based security software OpenSSL that may put you or your business at risk, including loss of data and breach of online accounts. Referred to by the US government as CVE-2014-0160, the flaw "could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory handling in the TLS heartbeat extension," according to the United States Computer Emergency Response
News reports indicate that Heartbleed has been in effect since March 2012, effectively leaking encryption keys 64 kilobytes at a time. According to industry blog Mashable, this is one of the biggest threats to Internet security ever seen.
While the response to the flaw was quick and decisive, with the authors of OpenSSL releasing updated versions to address the vulnerability, the fact that it remained undiscovered for two years raises the question: what else is out there?
Since there's no way of knowing what could be at work, now is a perfect time to assess your company's security protocols and adopt best practices to help mitigate your risk and manage your exposure to both this and future threats.
- A great place to start is with passwords. Especially in light of Heartbleed, change the passwords that you and your employees use for online accounts, including vendor sites, banking, email, etc.
- Contact your vendors. If you work with specific software vendors that have web-based portals, we recommend contacting them to confirm whether their product is affected by this vulnerability.
- Be vigilant. Regular password changes are always a good idea, so make sure you use different passwords across your various sites and change them regularly. This Mashable article has a great list of high-impact platforms that were affected by Heartbleed.
Businesses can't afford to have their security compromised by threats like the Heartbleed bug. Since it’s impossible to know what other malicious security issues are lurking out there, managed network services are an ideal solution for businesses. With managed services, you get access to help desk support whenever you need it. That means that if you have questions about issues like the Heartbleed bug, professional, reliable answers are only a phone call away.