By now you may have heard about the “Heartbleed Bug”, a serious security vulnerability in the OpenSSL cryptographic library. The OpenSSL library is used by a number of different computing platforms to secure communication between a client (typically in a web browser session) and a secure endpoint, typically a website or device used to allow access to secure business systems. Anytime you are conducting a transaction online you are typically using SSL, and you can tell that you are doing so when the URL starts with “https://” or when you see a padlock appear in the browsing session. It is estimated that this vulnerability effects upwards of 50% of Internet websites that use SSL, so the scope of the bug is potentially huge.
Because the vulnerability exposes extremely sensitive information to an entity who tries to exploit it, such as usernames, passwords, banking information, credit card information, and more, the threat is a very real and very serious one. You should take all reasonable precautions to secure your environment if you have systems that contain the vulnerability, as well as being aware of any communications from online vendors, such as banks, that may reach out to you indicating that they may have been subject to the vulnerability and that data may have been compromised.
For more technical information about the vulnerability you can start by looking here.
Thrive suggests that you do the following in response to the Heartbleed vulnerability:
- Analyze and secure your business systems that have the vulnerability present by shutting down and / or patching effected systems.
- Reach out to your third party vendors or providers about systems that utilize the Open SSL cryptographic library to ensure that the vulnerability is not present in those systems.
If you have any questions or would like Thrive to conduct a security audit of IT systems that are not managed by Thrive directly, please contact Thrive Networks today.