It’s been a month since the news broke of the Heartbleed bug—“a serious vulnerability in the popular OpenSSL cryptographic software library.” OpenSSL software helps keep information secure while in transit over the Internet and corporate networks. This weakness created a vulnerability in encrypted information, allowing attackers to eavesdrop on supposedly secure communications and access critical information like website encryption keys, usernames, passwords, and user data. Heartbleed was such a concern that governments around the world got involved, warning banks and other businesses to fix their servers and asking them to notify their customers to change passwords.
While the world breathed a collective sigh of relief when the bug appeared to have been squashed, recent reports indicate that more than 300,000 servers are still vulnerable. More concerning, this number is only the official tally—an unknown number of servers may also be “unofficially” vulnerable.
Being proactive to safeguard your information is of the utmost importance. The first step is determining whether the websites that have access to your private information have been compromised. Several checker tools have been created, including McAfee’s Heartbleed Test site, as well as tools from LastPass, Qualys, and Filippo Valsorda. If the site is safe, change your password. If the site is not safe and may be vulnerable, do not change the password, but closely monitor information associated with the site, such as credit card use and changes made to the account. Only change the password once the site has been patched, and create a long, strong password using a mix of characters, symbols and numbers. The days of using the same password across multiple sites are gone, so consider using a password manager to keep track.
Kinetik I.T. offers disaster recovery audits, planning and implementation services, as well as a wide array of technology and internet strategy solutions. To learn more about services and products, and to stay up to date with Kinetik I.T., visit www.Kinetik-IT.com or follow Kinetik on Facebook, LinkedIn or Twitter.