The news about Heartbleed, a bug that exposed sensitive user information via a coding error in OpenSSL, the widely used open-source encryption software, shook the technology world to its core last week. The New Yorker called it “as bad as a security flaw can be.” The New York Times described it as “a stark reminder that the Internet is still in its youth and vulnerable to all sorts of unseen dangers.” Cryptography expert Bruce Schneier said “catastrophic is the right word to describe Heartbleed… on a scale of 1 to 10, this is an 11.”

Why? Because Social Security numbers, passwords, logins, credit card information, and even the encryption keys supposedly keeping Internet activity safe could have been compromised. Because Heartbleed went undetected for nearly two years. Because Netcraft estimates that up to 500,000 sites could have been vulnerable. Because the bug can be exploited at any time, by anyone on the Internet, without leaving behind a single shred of evidence.

The problem was first identified two weeks ago by a team of Finnish security experts and Google researchers, and the findings made serious waves last week, with most experts urging users to immediately change all their passwords. But some outlets also warned users to proceed with caution and check a site to see if it had been fixed first. “If you change your password and the site hasn’t been patched, then you’re giving a hacker a new password,” said open-source security analyst Zulfikar Ramzan.

On April 10th, Mashable reported that the following sites, which collectively account for nearly two billion users, may have been affected, had applied security patches, and were urging users to change passwords:
Facebook, Twitter, Instagram, Pinterest, Tumblr, Google, Yahoo, GoDaddy, Intuit, DropBox, LastPass, OKCupid

What can you do to minimize the impact of the Heartbleed bug?

• Change your passwords for ALL online portals! Sounds obvious, but we’re serious: create new, strong, and secure passwords for all logins, as there’s still no indication of the Heartbleed vulnerability’s scope. It only takes a minute and will instantly improve your security. Using a password management tool is crucial.

• Check your business’ website, particularly if it relies on e-commerce. Working with a trusted IT provider is your best bet to ensure security, transparency, and proper implementation of fixes. All of CMIT Solutions’ websites were unaffected by Heartbleed, allowing us to concentrate on proactively solving any problems with the bug…

• Consider a remote monitoring and management service that keeps your systems safe and running. Keeping up with the avalanche of tech troubles in the news (CryptoLocker, data breaches, and now Heartbleed) is virtually impossible — especially when you’re trying to run a business…

Armando D’Accordo
CMIT Solutions of South Nassau
34 Merrick Avenue
Merrick, NY 11566


