The Reality of Heartbleed
Information about the Heartbleed vulnerability is scattered and full of misconceptions. Every major news outlet is publishing its share of coverage, with no solutions offered. In fact, the media has misidentified the Heartbleed bug as a “virus”.
Heartbleed is a vulnerability in OpenSSL, security software used frequently by secure websites such as banking and healthcare sites.
Just today (as of writing this), a Heartbleed attack has already affected the Canadian tax agency, delaying its tax-return deadline by a week.
Typical information types targeted include:
- Personal information including address, phone numbers, and contacts
- Financial credentials such as tax, accounting, credit card, bank accounts, and payment information
- Confidential business documents pertaining to employee, tax, and client information
Small and medium-sized businesses are advised to assess the network security devices used to remotely access their office networks. Devices that handle passwords and usernames in transit should be inspected and monitored. Manufacturers are in the process of providing updates, and their security patches should be implemented immediately. (Need help with this?)
From a business perspective, no company wants to be identified as being vulnerable to the Heartbleed bug.
Most companies have already implemented security protocols. However, you will still want to schedule routine password changes, using a unique password each time. (It is advised not to use the same password for multiple websites.)
In particular, consider the following list and change passwords appropriately. If a service has not yet been patched, you’ll want to change your password again after it fully resolves the vulnerability.
List of Major Affected Websites (as of 4.17.14)
| Social Media | Should You Change Your Password? | Patched? |
|---|---|---|
| Facebook and Instagram | Yes | Yes |
| Twitter and Vine | Yes | No |
| Google Plus and YouTube | Yes | Yes |
| LinkedIn and Slideshare | No | No |

| | Should You Change Your Password? | Patched? |
|---|---|---|
| Hotmail and Outlook | No | No |

| Financial Institutions | Should You Change Your Password? | Patched? |
|---|---|---|
| Bank of America | No | No |

| Government and Taxes | Should You Change Your Password? | Patched? |
|---|---|---|

| Other Popular Sites and Companies | Should You Change Your Password? | Patched? |
|---|---|---|
| Amazon Web Services | Yes | Yes |
As always, CyberStreams can provide assistance with vulnerabilities such as these. Creating an action plan for future attacks is a necessity for safeguarding data. Give us a call at: (425) 274-1121