
What is Heartbleed and Why Should You Care?


Heartbleed is the name of a security flaw discovered in a widely used encryption technology called OpenSSL. This flaw can expose usernames and passwords that are supposed to be private and secure. It is estimated that nearly 20% of secure web servers certified by trusted authorities use OpenSSL.

SSL stands for Secure Sockets Layer, a form of encryption that protects your private information when using the web. It is what protects you when you log in to your banking website, purchase things online, and so on.

A fixed version of OpenSSL was released on April 7, 2014, at the same time that Heartbleed was publicly announced.  This security vulnerability was so dangerous that most organizations using the OpenSSL technology immediately patched their web servers and issued announcements about the actions they’d taken.

Even if the flaw has been fixed on the websites you use, your security may already have been compromised: your username and password could have been exposed before the flaw was fixed. There are two ways you can protect yourself:

  • Change all passwords that you use on the web, especially those that you use for banking sites, merchant sites like Amazon.com, etc.
  • Test websites that you use with an online Heartbleed checker tool.  One that’s easy to use is at http://safeweb.norton.com/heartbleed

For businesses, the dangers can be even more catastrophic, particularly if you offer ecommerce solutions and other ways for your customers to obtain information through a secure login.  It's important to check your web servers and any cloud services that you use.  Check with your IT department or IT vendor if they haven't already informed you of your security status. Provisio can also provide a security evaluation, so let us know if we can help.