Experts have reported a major flaw in the security software used by millions of Web sites, including those of banks, credit card companies, e-mail and social media services. The flaw, dubbed “Heartbleed,” makes possible the exposure of users’ names and passwords, the content of their communications, and their data to anyone who knows how to exploit the weakness.
It’s as if your front door weren’t locked: until it is fixed, someone could get in. We should be clear that this does not mean that anyone has already gained entry or that any of your information has necessarily been stolen. What it does mean is that your information and sites are vulnerable to access, theft and disruption until a fix is applied.
What can you do about it?
The problem is related to software installed on servers. Fixes are available and being implemented by most web service providers. We here at DataPlex are providing advisory services, helping other companies to secure their websites as quickly as possible. Let us know if we can help you.
Once a website has been fixed, it may still be necessary to replace security certificates used for secured communications and change user passwords. We will recommend the extent to which these steps are necessary after the fix has been applied and we have been able to examine the servers in question.
We hope every server on the Internet gets patched, but, alas, that is not typical. Some servers will remain vulnerable, and the only way to tell is to run a test, such as the test available at filippo.io/Heartbleed/. Go to that site and type in the URL of the website you intend to visit, e.g. www.google.com (Google is safe; this is just an example). You should be concerned only about websites that use https, also known as SSL and TLS, or simply as “secured websites.”
Our best, and we wish you a safe and productive web presence.