
What is Heartbleed and how might your company be impacted from a security perspective?

Matt Golueke August 23, 2021 15:22 PM

Guest blogger, fellow volunteer firefighter and EMS provider to several of us on the 'MidChes' team, Chris Wolski helps us better understand...from a public service perspective...check out his IT Firefighter blog for a fresh IT perspective

 

What is Heartbleed?

No, it is not a cardiac condition.  It is not a virus.  It is a programming flaw in OpenSSL that occurred in 2011.  Has the programming flaw been exploited?  Who knows.  However, it is a serious new IT vulnerability that is being called one of the largest if not the largest Internet security flaw in history.

To make it clear, this vulnerability has the potential to affect just about everyone on the Internet who surfs the World Wide Web.  It can also affect your (fire) company.

Heartbleed is a vulnerability in the secure connection (https) between your web browser and the website you're viewing.  It can give hackers a way to steal usernames and passwords, with almost no way of detecting that it is occurring.

So why worry about this?  Many (volunteer) companies use a provider for web services, not only for external customers but also for internal use by the members/employees of the company. The data on those servers may be at risk of being stolen.  This is even more of an issue if you have personally identifiable information stored in the members-only area. The vulnerability could lead to stolen identities.

The vulnerability can be found on websites that utilize OpenSSL as the method for securing that connection.  Security researchers in Finland and at Google found the bug in OpenSSL.  Many companies and websites that use OpenSSL are scrambling to patch the software.

Networking giants such as Juniper and Cisco are reported to have been affected by this bug.

Is there a test?  Here is a simple mechanism for testing whether your favorite site is affected.  Go to https://www.ssllabs.com/ssltest/analyze.html and enter the web address of the site you would like to test.  You will get a simple report-card-style grade back indicating whether the site is affected.  As of this writing, Google received an A, Twitter and Facebook received an A-, and LinkedIn received a B (was an F on the 10th of April).

What can you do to protect yourself?

1.  Test the sites you visit frequently.  If a site you use does not get a passing grade, I recommend avoiding that site until it does.
2.  Change all your passwords!
3.  Clear out the web browser's temporary storage, also called the cache.  Check out Ziff Davis Net for information on how to do this and other tips to be safe.

What can you do to protect your (fire) company website?

1. Test your website.  See what kind of grade it receives and whether it is vulnerable to the flaw.
2. Contact your web provider and find out if they are using OpenSSL to provide secure web browsing.
3. Find out if they have patched yet and, if not, when they will.
4. If they are not going to patch... Take your business elsewhere and find a new service provider!!!

 


Out of curiosity, we ran a test on a few popular security industry websites:

[Images: Heartbleed report screenshots for Bosch (score A-), Arecont, IPVM, Sony, Ganz, and Dahua]

Data compiled from various sources around the Internet.

Mashable - http://mashable.com/2014/04/10/heartbleed-programmer/ 
ZDNet - http://www.zdnet.com/how-to-protect-yourself-in-heartbleeds-aftershocks-7000028311/ 
Wall Street Journal - http://t.co/9GnqkajkVi 
Forbes - http://www.forbes.com/sites/jameslyne/2014/04/10/avoiding-heartbleed-hype-what-to-do-to-stay-safe/ 

 

Topics: Technical - Simplified
