Heartbleed Bug: What Business Owners And Customers Need To Do
If you haven’t heard about it yet, let me introduce you to the encryption flaw HeartBleed, the largest vulnerability the internet has ever seen. It’s that big (big enough that Canada has temporarily shut down its government sites), and it’s here to make all of our lives difficult. If you’re like me, you probably have dozens of passwords for dozens of sites that all hold varying degrees of personal information. I personally spent the past five hours changing passwords. Bank accounts, airlines, hotels, social media sites, my dog walker: they all have my personal information. About 66% of the internet was vulnerable to HeartBleed, so chances are most of the sites that hold my information were vulnerable too. Pretty much everyone was vulnerable, including but not limited to Google, YouTube, Facebook, and Instagram. The bug affects web servers running Apache and Nginx software. Potentially, the bug could expose otherwise “secure” information like passwords, credit card numbers, etc., that users enter into websites, applications, web email and even instant messages.
So, what exactly is HeartBleed and why is it so dangerous?
HeartBleed is an encryption flaw that affects OpenSSL. The idea of encryption is to conceal information as it travels from point A to point B, such as between your computer and a website. What happens if someone else is listening during this “secret conversation”? This is exactly what makes HeartBleed so scary. When encryption is flawed, anyone can be peeking in without anyone else even noticing.
What Can You Do To Protect Yourself From HeartBleed?
Unfortunately, the HeartBleed bug is tricky and technical, so you just have to wait for companies to resolve the issue. It’s safe to assume that any sites with an SSL certificate, that “secure” connection that shows the little lock at the top of your browser bar with the “https” instead of an “http”, were at risk.
1. Ask all of the websites you use if they are trying to secure themselves against HeartBleed. Do these companies have vulnerability scanning?
2. Change all of your passwords immediately.
What Should Businesses Be Doing To Protect Their Customers?
1. Patch the flaw. It’s the responsibility of internet companies to fix the HeartBleed bug by installing the updated version of OpenSSL.
2. Alert customers to change their passwords. Changing passwords before the flaw is patched won’t solve any problems.
3. Get vulnerability scanning with a company that scans for the HeartBleed bug, like Trust Guard, among others.
How To FIX HeartBleed
1. Upgrade OpenSSL
2. Revoke ALL SSL certificates
3. Regenerate all SSL private keys
4. Get new certificates from SSL vendors
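
Steps 3 and 4 above, as an added example that is not part of the original post: it generates a fresh key and CSR with the `openssl` command line and confirms the CSR does not reuse the old certificate's key. The file names, the `example.test` name and the three shell functions are assumptions made for the demo.

```shell
#!/bin/sh
# Added example. File names, CN "example.test" and function names are constructed.

# SHA-256 of the DER public key inside a certificate, CSR or private key.
pubkey_fp() {  # usage: pubkey_fp cert|csr|key FILE
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Step 3: a brand-new private key. Step 4 begins with a CSR built from it.
new_key_and_csr() {  # usage: new_key_and_csr KEY_OUT CSR_OUT CN
    ( umask 077; openssl genrsa -out "$1" 2048 2>/dev/null ) &&
        openssl req -new -key "$1" -out "$2" -subj "/CN=$3"
}

# True only if the CSR matches the new key and differs from the old certificate.
key_was_rotated() {  # usage: key_was_rotated OLD_CERT NEW_KEY NEW_CSR
    old=$(pubkey_fp cert "$1") && new=$(pubkey_fp key "$2") &&
        req=$(pubkey_fp csr "$3") || return 2
    [ "$old" != "$new" ] && [ "$new" = "$req" ]
}

# Constructed demo: a throwaway self-signed cert stands in for the old certificate.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$demo_dir/old.key" \
    -out "$demo_dir/old.crt" -subj "/CN=example.test" -days 1 2>/dev/null
new_key_and_csr "$demo_dir/new.key" "$demo_dir/new.csr" example.test
key_was_rotated "$demo_dir/old.crt" "$demo_dir/new.key" "$demo_dir/new.csr" &&
    echo "OK: CSR carries a new public key"

# Failure mode: a CSR built from the old key would put a new cert on the old key.
openssl req -new -key "$demo_dir/old.key" -out "$demo_dir/reused.csr" \
    -subj "/CN=example.test"
key_was_rotated "$demo_dir/old.crt" "$demo_dir/old.key" "$demo_dir/reused.csr" ||
    echo "FAIL: CSR reuses the old key"
```

Before installing the certificate the vendor returns, the same comparison can be run on it with `pubkey_fp cert`.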