The Heartbleed Bug is bleeding information, possibly your information, directly into the hands of hackers. But, what the bloody heck is Heartbleed, and what does it mean for you – the website visitor and user?
Across the Internet, many websites use the OpenSSL software package. An open-source technology, OpenSSL enables websites to secure sensitive information, such as traffic and login credentials. The problem is that a part of recent versions of the OpenSSL software had a security vulnerability, which has been dubbed the Heartbleed bug.
So, how does the bug work?
Think of an SSL certificate like your website’s ownership papers. The certificate contains a cryptographic key, or a numeric signature, that is identified with the website. When the Heartbleed vulnerability was communicated to the masses, cybercriminals set out to capitalize on it by releasing a malicious online tool. The tool forces the most recent data processed by exposed website servers to bleed out.
The bleed happens when a hacker visits one of the at-risk websites and waits. As time ticks by, the heartbeat of the web server beats on while the perpetrator sits back, collecting information such as usernames, passwords, private keys for encrypting and decrypting data, site administrator credentials or re-usable browser cookies. Unfortunately, this type of attack can be repeated over and over against websites that remain susceptible.
If you have a web server using OpenSSL, it’s imperative to ensure that it isn’t bleeding. Do this by verifying that you are not running a vulnerable version of OpenSSL. If you are, update the web server immediately to the most recent version, in which the bug has been fixed.
Next, check the websites you frequent to know if they’ve been exploited. You can do this by visiting these sources recommended by Brian Krebs, the cybersecurity expert, journalist and blogger behind Krebs on Security:
https://www.ssllabs.com/ssltest/
http://heartbleed.criticalwatch.com/
https://lastpass.com/heartbleed/
If exploits occurred, change your password.
Below are some simple and effective rules for you to follow.
Ensure that your password is at least 12 characters long and contains at least:
- One upper-case letter
- One lower-case letter
- One number
- One special character (a space is considered a special character, too)
Do Not Use:
- An upper-case letter as your first character
- An exclamation point, “!”, as your special character
- Your special character as the first character in a sequence
- Sequential numbers, such as 123456
- Seasons
- Dictionary words or word phrases
- Names, including:
  - Children's or family names
  - Sport team names
  - Street names
  - Pet names
  - Anything personally related to you
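The rules above can be turned into an automated check. The following is an added example (not code from the original post or from Twinstate Technologies) that reports every rule a candidate password breaks; the season list is taken from the rules, while the dictionary and personal-name lists are small constructed samples that a real deployment would replace with a full wordlist and the user's own names, teams, streets and pets.

```python
# Added example: password checker implementing the rules listed above.
SEASONS = ("spring", "summer", "autumn", "fall", "winter")
# Constructed sample lists; replace with a full dictionary and the
# user's own names (children, teams, streets, pets) in real use.
SAMPLE_DICTIONARY = ("password", "welcome", "letmein", "dragon", "monkey")
SAMPLE_PERSONAL = ("emma", "rover", "yankees", "mainstreet")


def has_sequential_digits(pw: str, run: int = 3) -> bool:
    """True if `run` or more contiguous digits step by +1 or -1 (e.g. 123, 654).
    The run length of 3 and the descending case are assumptions; the post
    only gives 123456 as an example."""
    for i in range(len(pw) - run + 1):
        window = pw[i:i + run]
        if not window.isdigit():
            continue
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw: str, personal=SAMPLE_PERSONAL,
                   dictionary=SAMPLE_DICTIONARY) -> list:
    """Return the list of rules the password violates (empty means it passes)."""
    problems = []
    specials = [c for c in pw if not c.isalnum()]  # a space counts as special
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not specials:
        problems.append("no special character")
    elif set(specials) == {"!"}:
        problems.append("'!' is the only special character")
    if pw[:1].isupper():
        problems.append("starts with an upper-case letter")
    if pw[:1] and not pw[0].isalnum():
        problems.append("starts with the special character")
    if has_sequential_digits(pw):
        problems.append("contains sequential numbers")
    low = pw.lower()
    for label, words in (("season", SEASONS), ("dictionary word", dictionary),
                         ("personal name", personal)):
        hits = [w for w in words if w in low]
        if hits:
            problems.append(f"contains {label} '{hits[0]}'")
    return problems
```

Calling `check_password("Summer2014!")` reports the short length, the leading capital, the lone "!" and the season; a passphrase such as `"v7 kites#Ran 4q"` returns an empty list.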
Change passwords and use a different password in your business and personal environments for items requiring a password, such as:
- Server administration
- Desktops and laptops
- Mobile devices
- Routers, switches and firewalls/next-generation firewalls
- Voicemail
Here are a few final – and equally critical – points to consider:
- Enterprise passwords should always be different from personal passwords.
- Never use corporate email for social media or any personal accounts.
- Do not use corporate email as a recovery email for any online identity, e.g. Facebook, Amazon and banking sites.
Read more on password tips from Twinstate Technologies by visiting these blog posts:
Strengthen Your Cybersecurity by Following These Latest Password Tips
Why Stolen Facebook, Google, Twitter and Yahoo Passwords Should Concern the Enterprise IT Manager
Lastly, it’s critical that you prepare yourself for the aftermath of the Heartbleed bug.
- Beware of phishing emails; phishing comes in the form of email messages, websites, phone calls and social engineering, and is designed to acquire sensitive data for financial gain. Don’t get hooked.
- Be on alert for social engineering schemes, or scamming that preys on the psyche, tricking people into divulging confidential information.
- Be on the lookout for suspicious phone calls and snail mail stating you’ve signed up for something when you haven’t.
- Actively monitor your bank account.
- Become a hermit. Just kidding.
We can’t avoid the world we live in, but we can certainly take steps to better protect our own little piece of the pie, especially the privacy of our information. Don’t allow the Heartbleed bug and its exploit to bleed out your information into the hands of cybercriminals. Take precautions now, and check back soon for more information on the Heartbleed bug.
Originally published on 04/14/2014
Topic: Firewalls & Network Security