Important -- Heartbleed Security Flaw

The Heartbleed security flaw has created a lot of press since it was reported by Google Security on April 7th.  This is a serious problem that affects websites using what is known as OpenSSL to encrypt secure traffic.  Additionally, OpenSSL is used to encrypt certain data on routers and other equipment used in networks.  

We have been asked by a number of clients what they should be doing. First, there is nothing that needs to be done to individual PCs, Macs, smartphones or pads. Heartbleed can only affect certain websites and certain network hardware. Second, by now, most major websites around the world have been patched.  There is an excellent article with a list of major websites and systems showing their up-to-date status and what to do next at mashable.com.

mashable.com/2014/04/09/heartbleed-bug-websites-affected/

 

The Computing Center staff has been in contact with most of the local website developers and has tested many local websites.  At this time, we have found no local financial institutions, medical sites, or other local websites vulnerable. We do not use OpenSSL internally, so all the sites that Computing Center hosts or maintains are not affected.   Additionally, none of the email, backup, or other services that we sell are affected.   

 

What else should you do?  Here are a few suggestions:

  • If you have received an email from any provider regarding Heartbleed, go to the provider's website and check their recent news or security section.  We recommend that you NOT click on a link from within an email and definitely DON'T click on any attachment.  They might contain a Virus or Malware.  
  • If you see that a provider has recommended changing your password, do so.  If for some reason, a vulnerable site has not yet been patched, wait until it has been patched before changing your password.
  • Keep a sharp eye out for any unusual activity on any of financial or other website you use regularly.
  • If you want to test a website on your own, here is a simple Heartbleed test from Mcafee: tif.mcafee.com/heartbleedtest

If you have any questions or concerns regarding Heartbleed or other security issue, contact us at The Computing Center.

Here are several additional sites and articles regarding Heartbleed:

A more Technical Discussion along with Q&As:  www.heartbleed.com
The Normal Person's Guide to the Heartbleed Vulnerability from Tidbits: tidbits.com/e/14662 

TweetBacks
Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
Comments are not allowed for this entry.