Vulnerability Alert: Heartbleed SSL Bug

Heartbleed SSL Vulnerability

Last week a significant Internet vulnerability was made public that impacts many secure websites. Basically, there is a weakness in the OpenSSL certificate standard that could allow a skilled hacker to steal passwords from public facing websites.

Here is an article about the Heartbleed vulnerability: http://readwrite.com/2014/04/08/heartbleed-openssl-bug-cryptography-web-security#

There are two things for you to be concerned with:

Personal websites that you access. There are many major websites that have been impacted (including Facebook, Google, Yahoo and GoDaddy), and for those sites you should change your password immediately. And for that matter, change it every 90 days. Please review this link for a list of some sites that are at risk: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/. There are likely many other sites, so we recommend that you pay attention to the news over the next few days for updates.

Your corporate public facing website. Very few of your corporate websites will be impacted. Only websites that perform secure transactions or require encryption are potentially vulnerable. These types of websites will have an address that starts with https (the “s” in https denotes an SSL encrypted site).

Here is a link to a simple test that will let you know if your website is vulnerable: https://lastpass.com/heartbleed/. When you run the test, if the results states “Unable to get HTTP headers” your website is safe. If you fail the test please contact us.

Please pass this information on to your colleagues and friends.