How Heartbleed Affects You

April 10th, 2014 by Christopher C. Wright

We have received many questions from concerned Sonoma and Marin County website owners regarding the recently-announced bug nicknamed “Heartbleed” and what it means for them. Today we’re breaking down what the specific threat is, who is affected, and what you can do to make sure you aren’t affected, whether you are a website administrator or end-user.

What is Heartbleed?

As the Heartbleed.com security release website summarizes very well, Heartbleed is a vulnerability that, if exploited, could allow an attacker to view your passwords, credit card information, and anything else you were entering into a website at the time. It does this by exploiting a flaw in OpenSSL, the web technology we have previously covered that encrypts traffic between you and a server, such as when you’re entering information into your bank’s website, checking your email, or logging in to Twitter.

Essentially, ever since this flaw was identified, all traffic using OpenSSL has been vulnerable to attack.

Who is Affected?

Over 66% of secure web traffic in 2012 used OpenSSL technology, and that number has grown since. Many large websites such as Yahoo and Twitter have already announced that they were vulnerable to this attack but are working to upgrade their many servers. In short, if you have used online banking, online shopping, Facebook, eBay, GMail, instant messages, Twitter, or webmail, you are potentially affected.

If you use any online services, you could be affected. A list of potentially affected websites has been compiled, and by and large they represent the overwhelming majority of popular websites online today.

What Can You Do?

For End-Users: the most important thing to do is to change your password on every website you use. Because attackers could have obtained your password, it is very important to not use the same password you had used previously, and to use different passwords for each online service. Our blog entry about Keeping your Password Safe has many tips for choosing strong passwords, and other tools such as KeePass can be very useful in managing your logins for many sites.

For Website Owners: You need to check immediately whether your website is vulnerable. Use the Filippo Heartbleed Test website to determine whether or not your host is affected. If so, you need to ensure that your server gets the updated, patched OpenSSL version installed. You may also want to generate new certificates and revoke your old ones to make sure that the internal keys weren’t compromised. Please contact your IT professional if you have any questions about this very, very important update.
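For the certificate step above, a replacement certificate only helps if it is built on a newly generated private key. The following is an added example, not part of the original post: it uses the openssl command line to compare the public key in the old certificate with the one in a new signing request, and the file names and the example.test hostname are constructed for the demo.

```shell
#!/bin/sh
# Added example: confirm a replacement certificate request uses a NEW key.
# File names and the example.test hostname are constructed for this demo.

# Print the SHA-256 digest of the public key inside a certificate or CSR.
pubkey_digest() {  # $1 = x509 (certificate) or req (CSR), $2 = PEM file
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds (0) only when the CSR carries a different key than the old cert.
# Returns 1 when the key is reused and 2 when a file cannot be read.
is_rekeyed() {  # $1 = old certificate, $2 = new CSR
    old=$(pubkey_digest x509 "$1") || return 2
    new=$(pubkey_digest req "$2") || return 2
    [ "$old" != "$new" ]
}

# Build constructed sample files in a scratch directory.
make_demo_files() {  # $1 = scratch directory
    d=$1
    # Stand-in for the key pair that was live on the unpatched server.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/old.key" -out "$d/old.crt" >/dev/null 2>&1 &&
    # Mistake: a CSR that reuses the possibly exposed key.
    openssl req -new -key "$d/old.key" -subj "/CN=example.test" \
        -out "$d/reused.csr" >/dev/null 2>&1 &&
    # Correct: a fresh key generated together with the new CSR.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$d/new.key" -out "$d/new.csr" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_demo_files "$demo"
for csr in reused.csr new.csr; do
    if is_rekeyed "$demo/old.crt" "$demo/$csr"; then
        echo "$csr: new key, safe to submit to your certificate authority"
    else
        echo "$csr: reuses the old key or is unreadable, do not submit"
    fi
done
rm -rf "$demo"
```

Run the check only after the patched OpenSSL is installed, so the new key is never held by an unpatched server.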

Heartbleed is Serious

Heartbleed is one of the most serious non-virus web threats we at MSMB Networks have seen in many years. We cannot overstate the importance of changing your passwords and making sure your secure information stays secure. If you have any questions about Heartbleed or other online threats, we are more than happy to give you the full scope and scale of today’s online dangers, and what they mean for businesses moving into the 21st century.


MSMB Networks — Your IT Professionals!


Christopher C. Wright is the CTO of MSMB Networks, focusing on network and system administration, upgrade planning, disaster recovery, and IT budget analysis in Petaluma and all over Sonoma and Marin Counties. With more than fifteen years of hands-on experience, he is committed to educating and protecting his clients, ensuring they receive the best individualized support possible. Email him at christopher@msmbnetworks.com
