360 Degree Cyber Security, LLC


What is Heartbleed?

What is Heartbleed?  No, it is not a cardiac condition.  It is not a virus.  It is a programming flaw in OpenSSL that was introduced in 2011.  Has the programming flaw been exploited?  Who knows.  However, it is a serious new IT vulnerability that is being called one of the largest, if not the largest, Internet security flaws in history.

To make it clear, this vulnerability has the potential to affect just about everyone who surfs the World Wide Web.  It can also affect your fire company.

Heartbleed is a vulnerability in the secure connection (https) between your web browser and the website you're viewing.  It can give hackers a way to steal usernames and passwords, with almost no way of detecting that it is occurring.

So why worry about this?  Many volunteer companies use an outside company to provide web services, not only for external customers but also for internal use by the members/employees of the company.  The data on those servers may be at risk of being stolen.  This is even more of an issue if you have personally identifiable information stored in the members-only area.  The vulnerability could lead to stolen identities.

The vulnerability can be found on websites that utilize OpenSSL as the method for securing that connection.  Security researchers in Finland and at Google found the bug in OpenSSL.  Many companies and websites that use OpenSSL are scrambling to patch the software.

Networking giants such as Juniper and Cisco are reported to have been affected by this bug.

Is there a test?  Here is a simple mechanism for testing whether your favorite site is affected.  Go to https://www.ssllabs.com/ssltest/analyze.html and enter the web address of the site you would like to test.  You will get a simple report-card-style grade back indicating if the site is affected.  As of this writing, Google received an A, Twitter and Facebook received an A-, and LinkedIn received a B (was an F on the 10th of April).

What can you do to protect yourself?

1.  Test the sites you visit frequently.  If the site you use does not get a passing grade, I recommend avoiding that site until it does.
2.  Change all your passwords!
3.  Clear out the web browser's temporary storage, also called the cache.  Check out Ziff Davis Net for information on how to do this and other tips to be safe.

What can you do to protect your fire company website?

1. Test your website.  See what kind of grade it receives and whether it is vulnerable to the flaw.
2. Contact your web provider and find out if they are using OpenSSL to provide secure web browsing.
3. Find out if they have patched yet and, if not, when they will.
4. If they are not going to patch… Take your business elsewhere and find a new service provider!!!

Data compiled from various sources around the Internet.
Mashable – http://mashable.com/2014/04/10/heartbleed-programmer/
ZDNet – http://www.zdnet.com/how-to-protect-yourself-in-heartbleeds-aftershocks-7000028311/
Wall Street Journal – http://t.co/9GnqkajkVi
Forbes – http://www.forbes.com/sites/jameslyne/2014/04/10/avoiding-heartbleed-hype-what-to-do-to-stay-safe/