by Mark Carter
Posted 4/14/2014 03:30 pm
Updated 8 months ago
In late December when bloggers and TV show hosts recount the buzz words of 2014, no doubt "heartbleed" will occupy a place on each list. We don't yet know the full impact of the Heartbleed bug, but let's hope it's relegated to nothing more than a blip on the 2014 radar.
By now, most of us possess at least a vague familiarity with Heartbleed. Fortunately, there are folks out there who can guide us through the risks associated with it.
Little Rock "digital sherpa" Keith Crawford blogs at KnowtheNetwork.com. This week, he explains just what the bug is, and best yet...even uses illustrations. A sample:
Heartbleed is going to affect you in 2 primary ways.
Lots of password changes
Every account you have with a website that used OpenSSL should be considered compromised and you need to go change your password. Thankfully many sites are sending out emails and publishing blog posts to notify their users. This password reset is to prevent any unauthorized access (folks other than you) from logging in to the site or app just in case your password might have been exposed using Heartbleed...
Malicious Websites using a stolen "valid" certificate
Let’s start with an oversimplified explanation of Secure Websites.
When you login to your bank the little lock in your browser means that your bank bought a certificate from the web trusts and is using it to encrypt your data so other folks at the coffee shop don’t get a peek at your password. That security lock means 2 things: 1) you are really dealing with your bank and 2) information submitted through that webpage is secure and only visible to your bank. That is what SSL technology does in a nutshell. You can see that when that system is compromised its a big problem. Welcome to Heartbleed.
Read the full post here.
Meanwhile, Kernel is an IT security provider with offices in Springdale and metro Denver that is offering a free server test for Heartbleed. Just enter the URL of a suspected site and the service will tell you if the site is affected. Try it here.
Kernel's Justin Farmer offers up a brief summary of the virus in his Heartbleed Check blog. A sample:
If you don’t know what Heartbleed is or what it really means to you, I’ll briefly sum it up: Heartbleed is a vulnerability found in the technology that secures websites and tons of other communication technologies. This vulnerability allows people to snoop the memory on the web server running the website you visit. Ideally, the interested person could see passwords, user information, session information, etc. OpenSSL, the specific cryptographic software that is vulnerable, is used on about 2/3 of the Internet! The news has reported that banking sites, webmail, and practically anything with an https:// at the beginning of the web address (that’s what the little padlock in front of the address means) has been vulnerable for the last 2 years. The recommended action is to change your passwords!
Read the full post here, and good luck.