By the DynaSis Team
During the week of April 7, the tech world was in a frenzy with news of the Heartbleed bug. Websites scrambled to close the flaw and notify their users that they were protected. Some security experts proclaimed that everyone, everywhere, should change all their Internet passwords―but not until each site was safe. Internet users looked on with confusion, not sure exactly what they should do.
Here at DynaSis, because our servers use Windows SSL and not OpenSSL (the SSL/TLS software library that contains the flaw), we didn’t need to worry about it. For the handful of our customers who are running the Linux operating system and have a secure (https) website, we patched their systems as soon as the fix came out. Those patches took only a few minutes to install, after which time we confirmed that they were working. Mission accomplished.
The Heartbleed bug―which was not a virus, worm or any other type of malware introduced by criminals, but rather a coding flaw in the software itself―highlights the importance of regular system updates and patches. These types of security flaws are not uncommon in software code, and vigilant developers issue “repairs” as soon as they become aware of them.
The patches and updates that we and others receive from software developers contain these fixes. At DynaSis, most of our services include what we call “proactive network and server management,” which includes application of all patches and updates, so our customers never have to worry about patching their systems. (This service also includes a host of other benefits, but that’s not the topic of this blog.)
The real question, of course, is: should you be worried? A study released last week by the U.S. Energy Department’s Lawrence Berkeley National Laboratory says its researchers cannot find any evidence of a Heartbleed-based attack since January 2014. The researchers also suggested that any attacks in the two years prior to discovery of the Heartbleed flaw would have been uncovered by now.
However, now that the bug has been so widely publicized, it may become a target for cybercriminals. The top 1,000 most heavily trafficked sites have patched their OpenSSL installations, but millions of smaller sites have not. Researchers at the University of Michigan are maintaining a Heartbleed Bug Health Report, which lists the top 1,000 most vulnerable sites and provides updates on activity surrounding the flaw. Furthermore, a handful of Android mobile devices use the version of OpenSSL that contains the Heartbleed bug. Those concerned about the security of their information on the Internet or their Android device can take a variety of precautionary measures, many of which are covered in this article.
If all of this sounds like too much to process, much less handle on your own, the technical experts at DynaSis will be happy to assist. Just fill out our inquiry form or give us a call.