Protect Yourself From the Heartbleed Bug

Apr 14, 2014 8:03am


By William J. Brunkhardt
Chief Technology Strategist, Cyber Sciences Corporation

Add yet another serious Internet security vulnerability to the list of all-time serious threats. “Heartbleed” is a newly discovered flaw in OpenSSL, an open-source encryption software package used by millions of servers around the world. We all rely on end to end SSL encryption to protect our passwords, banking and personal information when surfing or conducting business online. But researchers discovered an accidental flaw in OpenSSL that has apparently been a serious vulnerability for the last few years. 

Companies have been scrambling this week to patch the server software. At this point security professionals don’t know the full scope of the implications of this flaw, but it will likely affect millions of people.

Fortunately, there are tools available to test web servers to ensure that they have been patched properly to prevent future exploitations. Unfortunately, however, we will not know who has been exploited.

One final note - scammers have been sending spam and phishing scams taking advantage of this news. Be very cautious of these emails; you may be better off contacting the company via phone than clicking on a link or entering usernames and passwords.

For more information: http://heartbleed.com/