Still don’t understand the flood of information surrounding the Heartbleed vulnerability? Rest assured, you’re not the only one who’s confused. There’s a variety of sources telling us different things, so how can you handle the vulnerability properly? Well, it all starts with understanding the vulnerability itself.
What is Heartbleed?
Google and Codenomicon recently discovered the Heartbleed vulnerability in the popular OpenSSL software library. The vulnerability is essentially a server memory vulnerability, which allows cybercriminals to steal information from the Internet. When you’re using a website with a padlock beside the URL, the web connection is secure and encrypted, possibly by the OpenSSL software.
While the entire database isn’t vulnerable, transactions on websites will be vulnerable while the website is attacked by a cybercriminal. Server memory tends to be as current as the current transaction taking place, which means transactions from hours or days ago aren’t stored in memory; however, it’s imperative to avoid transactions online while the vulnerability is still unresolved.
What Can Be Done to Protect Yourself Against Heartbleed?
You’ve probably been told to change all of your online passwords, however, if a website is still vulnerable, your new password will be vulnerable as well. Here’s a few tips to help you protect yourself against Heartbleed:
- Use a site checking tool and check your favorite websites.
- Change passwords for vulnerable websites.
- Monitor vulnerable websites to verify that they’ve been patched and reissued new digital certificates.
- Change your password again after you’ve verified that they’ve been patched and reissued new digital certificates.
Make sure you’re checking all of your commonly used websites. If a website runs on OpenSSL, it should patch the vulnerability and communicate with you to let you know, however, don’t expect all websites to contact their users. Change your passwords, but change them again when an affected site patches the vulnerability.
To learn more about the Heartbleed vulnerability, give us a call at (415) 963-9900 or send us an email at email@example.com. Tech Officers can help you stay up-to-date and protected against the latest security threats.