Recently, news of a major security issue known as the Heartbleed Bug has been circulating around the internet.
The security flaw affects all systems that use OpenSSL, a security protocol that is utilized by a large portion of websites on the internet.
In the most basic terms, the Heartbleed Bug may have exposed a bunch of personal information to attackers, including passwords, financial details, emails, and more.
The technical nitty-gritty
SSL (Secure Sockets Layer) is a cryptographic protocol that’s used to secure information as it is exchanged between two parties. The information can be anything, from a password to an instant message to credit card details.
The information is encrypted and can only be decrypted by one of the two parties, ensuring the security of its contents. The Heartbleed Bug was allowing outside parties to read server and client memory content, possibly exposing the unique keys that are shared between the two parties in order to decrypt information.
This would mean that any and all messages that were sent using that encryption key could be read by the attacker. It wouldn’t matter if the information was sent before or after the key was found, as long as the information was encrypted using the same key.
Your IT security
So, what does all of this mean for the clients of West County? Chris and the team jumped right on the security issue as soon as it became known to the company.
For all of our websites, SSL certificates had updated patches installed. Chris upgraded Apache’s OpenSSL mod on all of our servers—the new version of OpenSSL fixes the Heartbleed Bug security flaw.
We’ve also been in contact with our SSL certificate provider, who has assured us that none of their certificates have been compromised. Further, we checked all of our servers for any other possible vulnerabilities and found none.
Moving forward
Our clients and their customers have nothing to worry about with regard to the security of their websites. At least with regard to all of West County’s websites, life on the internet can continue as normal.
However, that doesn’t mean that everyone has fixed their Heartbleed issues. It may take some time before every affected website has updated its security. At the moment, it simply isn’t worth it to go about changing all of your passwords, as some of your favorite sites may still be compromised.
For now, try to avoid sending sensitive information over the internet as much as you can. Most of the big name companies will have everything back under control within a few days, but you can never be too careful.