The talk all over the Internet this week has been about Heartbleed – a widespread encryption bug that can capture passwords. It has left some websites running SSL encryption vulnerable. These sites include a long list that varies from social media sites to banks, which could potentially put you at risk. Many of these sites already did their due diligence to look into whether or not they were affected by Heartbleed and sent out emails informing users whether or not they were and what actions they have taken. Even those that haven’t been affected still recommend changing your password for guaranteed protection.
Not sure what all of this means? TLC Office System’s IT Support Houston team has been following updates to bring you the latest information.
What is OpenSSL?
If you’re not familiar with the term “OpenSSL” you may not understand the severity of Heartbleed. OpenSSL runs on 66% of the web. It is a free, out-of-the box solution for providing SSL functionality for a website or app. Because of this, it is the appealing choice, which is why so many use it. It is not only used by websites and apps but also instant messaging, network routers, email clients and even some printers.
The scary thing about Heartbleed is that it goes right to the heart (as you might guess by the name) to encryption. Encryption makes sure when information is sent from one computer or server to another it is protected and secure. It’s like a secret language that would have to be decoded to be understood.
What does Heartbleed Do?
Because Heartbleed affects encryption, it can potentially expose very sensitive information such as: passwords and credit card numbers. The worst part is, it has been discovered this might have been a vulnerability for the past two years, and everyone is just now discovering it. Unfortunately, that means there is no guarantee your information hasn’t already been compromised. What we must do now, though, is take every action we can to be protected from Heartbleed in the future.
What do we do Now?
First, do not ignore any emails you may receive from any company in which you have financial assets or any personal accounts. This is a serious matter that needs to be addressed. Most websites that have been affected are giving very specific instructions on how you should proceed with their specific website. Some it may be as simple as changing a password, others may require more. Before you run off to change all of your passwords, though, be aware that not all sites use SSL, and not all sites that use SSL use OpenSSL. Plus, if you change your password before the website has implemented a patch for Heartbleed, you will have to change it again once the patch has been implemented. Mashable has put together a great “Heartbleed Hit List.”
It shows that you need to change passwords for Instagram, Pinterest, Google (including Gmail), Yahoo (including Yahoo Mail), GoDaddy, Dropbox and IFTTT. It is also recommended to change your password on Facebook as well though it is unclear if it has been affected. These are just a snippet from the list, but they are those that many business owners use. Keep in mind, too, if you use one password for multiple websites and even one of those websites was vulnerable, you will need to change that password on all of the websites on which you use it to be safe.
This was a big hit to internet security that nobody ever imagined would happen, but all we can do now is protect ourselves and move forward. Our business and IT Support Houston Team is here to help. Give us a call today.