The Heartbleed bug has everyone wondering how vulnerable they are and what they’re supposed to do about it. It doesn’t help that some of the news reports are overblown or downright inaccurate.
Let’s stick to the facts, shall we? There are 3 key misconceptions that need to be busted here.
1: Heartbleed is not a virus
What we’re looking at with Heartbleed is a programming defect — a “bug” — in common security software called OpenSSL. OpenSSL is used to protect https:// websites and secure mobile apps, as well as playing a role in the Apache Web Server and many security software vendors’ products.
This bug lets hackers get remote access to potentially sensitive data that should’ve been protected.
2: Heartbleed is not new
The bug has existed for roughly 2 years. It’s in the news this month, but the risk has been there in the background for far longer.
3: Heartbleed is not everywhere
It’s only found in systems using the OpenSSL library. Other systems will be unaffected.
However, Heartbleed goes beyond websites. Other products such as databases may be affected too if they use OpenSSL.
What to Do
Check with your vendors to see if they use OpenSSL and, if so, whether they’ve patched the security hole yet or not. After patching, they should also generate a new security certificate and key.
After each of your vendors applies a patch, change your passwords on their systems. Don’t change your passwords before the bug has been patched, as this will leave your new passwords vulnerable.
360ict provides managed IT services, security and support to SMEs in central London and the south-east. Call us on 0208 663 4000 for free advice on how to protect your business IT.