Heartbleed has been all over the news recently as the latest ‘virus’ to attack both business and personal systems and threaten all sorts of consequences from data loss to security breach. In fact, Heartbleed is not a virus at all but a software defect, one that unfortunately went unnoticed for a considerable period of time and which has drawn all sorts of accusations of intentional planting – which have been strenuously denied by the developer.
The threat, essentially is that the Heartbleed flaw allows information to be extracted – not particularly efficiently and not in instantly vast quantities - but there are lots of opportunities to attempt to extract information that might include anything from logins and passwords to ‘private keys’ that are used to protect and encrypt information in transit. So, there is definitely a threat from Heartbleed and that means precautions are necessary.
Have Geeks' applications been affected?Many of our clients have been worried and asked us if their applications' security could have been affected by Heartbleed.
Fortunately that's not the case. Our applications are created bsed on Microsoft .NET technology. So they run on Windows servers, whereas Heartbleed is a bug in OpenSSL which affects non-Windows hosting environments only. If we made your application, you're safe.
How to protect yourself from the effects of Heartbleed?Changing your passwords is the most obvious solution to this situation as if your data has been extracted, whether that’s personal or business data, then you can restrict access to it by changing your login. Some experts have insisted that passwords are safe if they haven’t been changed in the last two years (prior to when the faulty code was introduced), however, this is dubious and it’s probably better to err on the side of caution.
A ‘patch’ has been made available for this piece of bad code and so you are most likely receiving emails from internet provider and hosts about how they have taken action to try and guard against any security breaches from Heartbleed. If you have any questions about whether a service you have been using has received attention to make it secure again then you should not hesitate to ask – it’s not a good idea to try and test this yourself or to guess.
How to tell the difference between genuine information and Heartbleed hype?Watch out for the follow up to this situation, which is most likely to be a whole host of fake emails from cybercriminals looking to make the most of the fact that everyone is jittery about Heartbleed to try traditional password and username stealing tactics.
For example, you might start receiving emails containing fake notifications and links that offer fantastic solutions to the problem (and which will always ask you for your personal data). If something looks suspicious then don’t click on it and check first with the source that it claims to be from. Cybercriminals tend to see situations such as this as a prime time to launch nasty code and secondary attacks so be particularly on your guard when it comes to clicking on anything that comes into your inbox.
Is Heartbleed relevant to businesses?For those SMEs and businesses concerned about Heartbleed, another aspect to watch out for is impact outside of just websites – we have seen examples of issues with products from security vendors to customer databases, for example, so don’t assume that this only affects online sites. If you’re unsure or worried then check with the product vendor re vulnerabilities and when they are planning to patch otherwise you could find your business the victim of an unexpected attack within your network.
If you're concerned about the security of your software, then feel free to give one of the Geeks a call to discuss your options.
About Geeks Ltd
Our passion is business efficiency enhancement for our clients via smart application of automation techniques.We are winners of international awards for our innovations in business productivity.
We have attained Gold Certified Microsoft Partnership level which represents our highest level of competence and expertise with Microsoft technologies as well as our close working relationship with Microsoft.At this level we have been granted access to exclusive Microsoft resources and support, access to the Partner Knowledge Base, and many other advantages which contribute to our capacity to meet our clients needs.