By now you probably have heard about the latest security bug Heartbleed. The bug even has its own dedicated website and logo (http://www.heartbleed.com).
Despite the fact that it has actually been a known issue for a few years, the recent public announcement has captured a lot of attention. While there are no known exploits yet, it is important to take action to prevent the security issue from affecting you.
So, what is it?
Anytime you visit a website with sensitive information, you should see “https” in the website address. The “s” is what shows that the site is secured. If you don’t see it, the data you are viewing or sending is unencrypted, and therefore insecure.
While “https” can be implemented in a number of different ways, one of those ways, called OpenSSL, has a flaw. This flaw, Heartbleed, allows someone to see what data you are sending or receiving. In addition, this flaw can allow someone to pretend they are the secure site you think you are accessing and trick you into sharing personal information.
It’s like having a private phone conversation only to find out that someone can listen in without either person on the call ever knowing.
What does it mean for you?
Change your password immediately on any site that’s affected (assuming they have already fixed the problem on their end). An even better option is to change your password on all sites for which you have accounts. This should be a standard process to help ensure your digital identity is not stolen. If you notice any suspicious activity on any accounts you have, such as Facebook, Google, or Yahoo, your information may have been compromised.
Mashable.com did a great job outlining the site impacts: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
When in doubt, check with your business and personal sites for impacts.
In addition to websites you visit, make sure to check your home router for impacts as well. Just look up the model or contact the manufacturer.
What does it mean for Efficio?
Efficio does not use OpenSSL and is not impacted by this bug; however, we always encourage you to change your password regularly as a best security practice.
While no one knows all the impacts from this security bug, we will continue to keep you informed as new information is released. In the meantime, change your passwords while IT teams scramble to assess the impacts and release fixes as needed.
By Matt Longhouse, Co-president of Efficio, IT