The "Heartbleed" Break: Three Little Fixes Until Your Favorite Site is Fixed

April 09, 2014

First the definition - keep in mind it's been "in the wild" for two years now: Heartbleed is a flaw (or, as some industry insiders are calling it, a "catastrophe") in OpenSSL (the affected code), an open-source encryption technology that is used by an estimated two-thirds of Web servers. It is behind many HTTPS sites that collect personal or financial information. These sites are typically indicated by a lock icon in the browser to let site visitors know the information they're sending online is supposedly hidden from prying eyes.

Heartbleed Even Has its Own Logo Courtesy of Codenomicon

Speaking of locks, we all know it's a critical security key (and we're not talking about the Holy Grail of Private Encryption Keys) that the code be as airtight as possible, and until the release of OpenSSL 1.0.1 on March 14, 2012 it was pretty "bleed proof." But to say that the bleeding started there would be incorrect, since the wound opened up on 12/13/11 - or at least that's when we first started hearing about it.

We personally love how TechCrunch's Alex Wilhelm put it - "A large chunk of the Internet is broken at the moment."

Today even the Canada Revenue Agency has shut down the public access portion of its website due to the Heartbleed Bug.

Reasons not to panic and 3 things you can do to bandage the Heartbleed problem:

1) Thanks to Heartbleed, and with affected sites recommending you change your password, you should definitely change your password.

IMPORTANT: Don't change your password BEFORE the site has installed the widely available OpenSSL patch; that could do more harm than good. The fix is out there, and according to Codenomicon's spokesperson Ari Takanen: "You should change your password and username after the service provider has patched their site. Otherwise you just contribute to the data that can be stolen." (Codenomicon is a Finnish security firm that first discovered the Heartbleed vulnerability.)

2) Heartbleed became infamous on the Internet on Monday, April 7th - which spurred many sites to start scrambling to get the patch onto their servers. So Codenomicon is recommending you take a "day off" from affected sites.

IMPORTANT: How do you know if your favorite site is affected or that the patch has not been installed? You're in luck: go to one of the online Heartbleed checkers from LastPass, Qualys or Filippo Valsorda. If your site is on it, stay away from it until the patch is installed. For a bit of a laugh, search Google.com.

Keep in mind - Heartbleed only exposes data that's held in the server's RAM. This isn't the "break-in" steal-your-identity database flaw: for your data to be exposed, it needs to be in the server's memory at the moment the server is attacked.

3) It might be time to employ the help of a password manager. A password manager just makes it easier to generate randomized passwords using letters, numbers and special characters. Features abound depending on the manager; again, we like LastPass, and Dashlane and KeePass make great password managers too.

Remember: Heartbleed has been around for two years - but now that the media is all over it, we can protect ourselves. Stay vigilant, run your site through a filter program, consider using a password manager, and once your site is patched, change your username and password.

Protect your data, and for all things cloud, internet or data center related, go to datacenters.com or call one of our data center specialists at (877) 406-2248.


