April 7th 2014 was a big day for the world, not only because Microsoft ended security support for Windows XP, but because a massive security flaw was found in the OpenSSL cryptographic library. This problem, called the Heartbleed bug, was found by Google Security, and it leaks information from any applications and services utilizing OpenSSL. The problem, however, is not that it was found; the problem is that over two-thirds of the entire Internet contains sites that utilize the OpenSSL/TLS protocol specification. It also doesn’t help that this bug has been active since December of 2012.
The bug is not the result of a design flaw, it’s an implementation problem, or rather, a programming mistake. Normally bugs like this are eradicated before they cause too much damage, but in this case, it has been out of hand for far too long. Unfortunately, there isn’t much that can be done about this bug other than wait for the websites to patch the problem. Most providers have been quick to remedy the problem. This bug leaves no traces at all, so if it has been exploited, you likely will not find out until some damage has already been done.
Some of the most utilized cloud service sites on the Internet including Google, Facebook, Pinterest, Yahoo, Twitter, GoDaddy and many others. It is recommended that you change the passwords of any accounts you use periodically, especially if they utilize the OpenSSL cryptographic library. Your data might be exposed if you’ve accessed any of these websites over the past two years.
Alternatively, if you aren’t sure that your favorite websites have been exploited by this bug, input the URL here and see if a patch has been issued.
Don’t wait until you are the target of an attack. Change your passwords and consider setting up a two-step authentication to ensure that you are the only entity that can access your personal accounts. Contact SemTech IT Solutions at 407-830-1434 and we can use our remote managed IT services to keep you and your company safe, and your sensitive data secure.