Making headlines earlier this month, the Heartbleed encryption flaw had a major impact on online security. Some experts have called it one of the biggest security threats the Internet has seen. What exactly is and how does it impact you?
Simply put, the security flaw affects OpenSSL – a widely used open-source program for encrypting online services used by many banks, email providers, and sites using your personal information. Researchers at a Finnish security firm discovered the coding mistake in the program’s code.
Ever noticed the small lock icon and https in the address bar when you’ve been on sites such as Dropbox or Instagram? This indicates your data is secure. The Heartbleed bug creates an opening in the technology, allowing attackers to search and access information, without leaving evidence of ever being there.
Canadians felt the Heartbleed impact directly when the CRA (Canadian Revenue Service) had to shut down its site, halting income tax submissions among other services, for five days. A second year engineering student at Western University in London, ON was quickly arrested amid charges of exploiting the bug to steal sensitive information from the CRA’s servers.
Without a doubt, Heartbleed has made it clear we need to rethink our online security. Long term impact may include changes to how security audits are performed for open software.
Was your information compromised? It is hard to know for sure, but major users of OpenSSL quickly issued a call to change your password.
A number of popular sites hit by Heartbleed are recommending you update your passwords:
How does Heartbleed affect website owners? If you use SSL technology, check and confirm whether your certificate was based on OpenSSL. If so, you need a new certificate issued and installed. Worth noting, most certificate providers are doing this for free.
Sudymo Web Services has contacted all our customers whose websites may have affected and ensured their certificates are updated.