
Patching up Heartbleed's Security Scars & Protecting your Information from this Dangerous Data Bug

A new and very dangerous security vulnerability named Heartbleed was recently discovered. It is more important than ever to protect your information online, and Red Door has taken action to keep our clients' information safe and secure. We are happy to share this information with you and offer expert advice so that you can avoid the consequences of Heartbleed.

What is the Heartbleed OpenSSL Vulnerability?

Heartbleed is a software bug that creates a vulnerability in OpenSSL, a cryptographic library used to secure a very large percentage of the Internet's traffic. OpenSSL is used by many common applications, websites and VPNs, and by about 50% of the Apache servers that power the Internet. This bug does not affect Windows-powered servers.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
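A simplified model of the memory over-read described above, added here as an illustration; it is not OpenSSL's code and does not come from Red Door. It puts a TLS heartbeat handler that trusts the length the peer claims beside one that checks that length against the bytes that actually arrived. The function names, the arena layout and the secret string are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3   /* 1-byte type + 2-byte claimed payload length */
#define HB_PADDING 16  /* minimum padding a heartbeat message carries */

/* Vulnerable pattern: echo as many bytes as the peer claims to have sent. */
size_t hb_echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                 /* never consulted: this is the bug */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Hardened pattern: drop a message that claims more than actually arrived. */
size_t hb_echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out)
{
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed demo: a 22-byte record and a fake secret share one arena. */
int demo_leaks_secret(int use_checked)
{
    static const char secret[] = "CONSTRUCTED-PRIVATE-KEY";
    uint8_t arena[64] = {0}, out[64] = {0};
    size_t rec_len = HB_HEADER + 3 + HB_PADDING;   /* what really arrived */
    arena[0] = 1; arena[1] = 0; arena[2] = 48;     /* claims 48, sends 3 */
    memcpy(arena + HB_HEADER, "hey", 3);
    memcpy(arena + rec_len, secret, sizeof secret - 1);  /* adjacent memory */
    size_t n = use_checked ? hb_echo_checked(arena, rec_len, out)
                           : hb_echo_unchecked(arena, rec_len, out);
    for (size_t i = 0; i + sizeof secret - 1 <= n; i++)
        if (memcmp(out + i, secret, sizeof secret - 1) == 0) return 1;
    return 0;
}

int main(void)
{
    printf("leak without check: %d, with check: %d\n",
           demo_leaks_secret(0), demo_leaks_secret(1));
    return 0;
}
```

The unchecked handler returns the fake secret that sits next to the request in memory, while the checked handler discards the same request and still answers an honest one.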

How did Red Door help our clients react?

Red Door Interactive performed an analysis of servers both internally and externally, and we have taken action on the servers that were affected. We changed the passwords for the affected servers and connected, as needed, with clients and hosting vendors to make sure that production servers have been patched. At this time there is no evidence that any passwords or private information have been compromised.

How to check for Heartbleed?

You can use the following link to determine if your sites are affected by this vulnerability. Please note that this site's services are NOT affiliated with Red Door Interactive. If the tool identifies a vulnerability, a patch should be applied and new private keys should be generated immediately.

http://filippo.io/Heartbleed/

If you are a client and are concerned that you may have this vulnerability, or need assistance, please give your Red Door Interactive Business Manager a call or contact me at rhadler@reddoor.biz. We can run tools that verify whether or not you have this vulnerability, and we can work with vendors to apply the patches required to remediate it and generate new private keys.

What else can I do?

  • Individuals should update their passwords across the various Web pages they use, but only once they have confirmed that a site has already taken the proper measures to address Heartbleed. If the site has not done so and is still at risk, the new password could also be compromised. Many sites will also likely send e-mails instructing customers to update passwords if necessary.
  • Do not ever use the same password at two sites that matter to you. Ever. Heartbleed or not, this lowers the security level of any site with that password to the level of the least-secure site where you've ever used it.

If you have questions about Heartbleed that are not answered in this post, please feel free to contact me at rhadler@reddoor.biz.
