k_Street Consulting, LLC Blog
Warning: Heartbleed Bug Assails the Web
The same day that Microsoft ceased supporting Windows XP with security patches was also the day a vicious little monster was discovered: the Heartbleed bug, which completely undermines the privacy protections of the OpenSSL cryptographic library. Basically, anything utilizing the open source OpenSSL library is at risk here. Websites utilizing this form of encryption include Yahoo!, Google, and Facebook. To put it in perspective, sites that utilize OpenSSL number more than two-thirds of the entire World Wide Web. Though this bug only applies to versions 1.0.1 and 1.0.2 beta of OpenSSL, hackers are able to obtain private keys, which can then be used to obtain sensitive information from countless people all around the world. Nothing says "heartbreak" like having your identity stolen and your sensitive data Shanghaied.
The bug itself isn't the result of a design flaw in the SSL/TLS specification; it is an implementation problem. It is a programming mistake that allows sensitive information to leak from any application or service using OpenSSL. Normally, bugs like this are detected and fixed before they get too out of hand. However, this one has left particularly large amounts of data exposed since as early as December 2012. Furthermore, this bug leaves no traces, and you probably won't know that you've been exploited until it's already too late.
Here is a list of affected websites. If you have accessed any of these sites over the past two years, you should change your passwords immediately.
If you aren't sure whether a site has been affected by Heartbleed, or whether the website has applied a patch that fixes the problem, type the website URL into this checker and it will tell you if the website was affected.
If your company has been the target of an attack, contact k_Street Consulting, LLC. We'll use our remote managed IT services to keep your personal information safe. Call (202) 640-2737 today before your heart gets broken!