Published on April 14th, 2014 | by Kim Stiglitz0
Heartbleed Bug: What You Need to Know
By now you’ve probably heard the buzz and received more than a handful of emails from various companies about the Heartbleed bug. Since it was disclosed on April 7, 2014, it’s been made public that the bug puts users’ passwords for many popular Web sites at risk. In this post, we’ll try to get to the heart of the matter and answer possible questions you may have.
What is Heartbleed?
According to the Heartbleed website, “The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.” Put simply, this means your usernames, passwords, and credit card information were potentially at risk of being intercepted.
What is OpenSSL?
CNET shares that OpenSSL is, “Secure Sockets Layer … It’s the most basic means of encrypting information on the Web, and it mitigates the potential of someone eavesdropping on you as you browse the Internet. (Notice the ‘https’ in the URL of SSL-enabled sites like Gmail, instead of simply ‘http’). OpenSSL is open-source software for SSL implementation across the Web. The versions with the vulnerability are 1.0.1 through 1.0.1f. OpenSSL also is used as part of the Linux operating system, and as a component of Apache and Nginx, two very widely used programs for running Web sites. Bottom line: Its use across the Web is vast.”
Which sites were affected?
CNET has created a list of the top 100 web sites and their current status, however, your best bet is to hear it from the source, either through an email you may receive from a company you’ve done business with, or by contacting them directly to find out. You can also use a tool like the one created by LastPass, a password management company, to check if a site was vulnerable, but again, you should confirm this directly with the company.
VerticalResponse was not impacted by the Hearbleed bug.
What can you do?
Many people are racing to change their passwords in an effort to protect themselves. While this is a good practice, it’s important to wait until you’ve received confirmation from the company to ensure they’ve patched the bug first, otherwise you may be unintentionally giving a potential attacker access to your new password.
News about the Heartbleed bug is continuing to unfold. You can consult the Heartbleed website for more details and look for emails from companies about how they’ve been impacted, and what their next steps are.
Want more marketing tips and tactics? Sign up for the free VR Buzz.
© 2014, Kim Stiglitz. All rights reserved.