While the Heartbleed exploit is known to have existed since 2012, it is now front of mind for users everywhere as more and more fall victim to the aftermath of this encryption flaw.
As a consumer and user of technology, passwords help us gain access to our user accounts with vendors, social media accounts and cloud storage for our files. Earlier in the year we addressed password updates in my post, “New Year, New Passwords?” and now this is more important than ever.
Since there is no truly comprehensive list of websites affected by this exploit, it is recommended that you update your passwords for any site you use on the internet. The same safe internet practices apply:
- Don’t use the same password on multiple sites.
- Devise a scheme and mix it up, but don’t make it too hard for you to remember (it’s no good if you’ve secured the accounts from yourself).
- There are password management services, but there is a fear that an exploit could leave all of your information vulnerable. However, if you choose to use one of these, make sure to lock it down by updating your password regularly.
- Keep an eye on sensitive online accounts, especially banking and email, for suspicious activity.
As a business, you should be aware of the same items recommended to consumers, and you should also analyze any business applications that may be affected. OpenSSL, the technology affected by this exploit, is not a default Windows application, so your in-house web server apps may not be affected if you’re using Windows. However, if you’re using a third-party web hosting service provider, ask your provider these questions:
- Was your web hosting platform affected by the Heartbleed exploit?
- Have you applied a patch to the affected systems?
- Have you requested a reissued replacement SSL certificate?
- Do we need to take action to have the replacement SSL certificate reissued? (In some instances, your organization may need to process the new SSL certificate.)
As web companies scramble to deploy patches and updates to protect their sites from infiltration, make sure to do your part to keep your personal and business accounts secure!
Teltek is a Certified Avaya Business Partner, NEC Dealer, and Microsoft Partner with two locations in the Baltimore Metropolitan area. We specialize in providing one call technology support for small to mid-sized businesses and nonprofits in Maryland, Washington, DC, Virginia and Pennsylvania.