Heartbleed Bug: or, giving away the keys to the kingdom.
A major flaw in OpenSSL was discovered recently, and it is one of the biggest incidents in internet history. OpenSSL is a way of encrypting communications between points on the internet. This encryption keeps hackers from seeing the contents of your communications, as well as your user names and passwords. Why is Heartbleed such a problem? OpenSSL is in use by over two-thirds of the internet.
What can you do to protect yourself from Heartbleed? Nothing, it is too late. At this point all you can do is future mitigation and recovery. It is up to your providers to update OpenSSL so the flaw is patched and to re-key their certificates. Once that is done, you should change your passwords. Routinely changing passwords is a good idea, and a good password policy should include the following:
- Do not reuse ANY password or password schema you have used in the past two years.
- The password does not contain the account name of the user.
- The password is at least eight characters long.
- The password contains characters from three of the following four categories:
  - Latin uppercase letters (A through Z)
  - Latin lowercase letters (a through z)
  - Base 10 digits (0 through 9)
  - Non-alphanumeric characters such as: exclamation point (!), dollar sign ($), number sign (#), or percent (%).
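The policy above can be enforced when a password is changed. The following is an added example, not part of the original article: the function names, the PBKDF2 work factor and the history format (salt, digest, date set) are assumptions, and it catches only exact reuse, not reuse of a password "schema".

```python
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8
REUSE_WINDOW = timedelta(days=730)   # "the past two years"
PBKDF2_ROUNDS = 100_000              # assumed work factor for stored history

def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plaintext passwords."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def policy_violations(password, account, history, now=None):
    """history: list of (salt, digest, datetime_set). Returns the rules broken."""
    now = now or datetime.now()
    problems = []
    # Rule 1: no reuse of a password set within the last two years.
    for salt, digest, when in history:
        if now - when <= REUSE_WINDOW and hmac.compare_digest(
                hash_password(password, salt)[1], digest):
            problems.append("reused within two years")
            break
    # Rule 2: must not contain the account name (compared case-insensitively).
    if account and account.lower() in password.lower():
        problems.append("contains account name")
    # Rule 3: at least eight characters.
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    # Rule 4: characters from three of the four categories.
    categories = [
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(categories) < 3:
        problems.append("fewer than three character categories")
    return problems

if __name__ == "__main__":
    # Constructed sample data: one earlier password, set 300 days ago.
    today = datetime(2014, 4, 15)
    s, d = hash_password("Spring#2013")
    past = [(s, d, today - timedelta(days=300))]
    for candidate in ("Spring#2013", "jsmith99", "Tr1cky-Horse"):
        print(candidate, policy_violations(candidate, "jsmith", past, today))
```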
These providers have acknowledged exposure to the Heartbleed Bug and recommend changing your password immediately.
- Amazon Web Services
- Intuit Turbo Tax
If you need help educating your employees on good security practices, wish to create a security policy, or need help with any of your technology investment, call Guardian Solutions today at 719.749.1112.
If you want to check a website to see if it was potentially compromised, try this Heartbleed checker, https://lastpass.com/heartbleed/
For more reading, check out this helpful article: