Heartbleed Bug Explained - And What to Do About It

The first message is don’t panic.

Information and updates on the Heartbleed bug are still coming through, and the message can be confusing, leaving everyone from businesses to your granny unsure of what to actually do.

We’ve put together a simple explanation of the bug, what you can now do to keep yourselves on top of the situation and what we’ve already done about it for our customers.

 

Heartbleed Explained

The issue itself is specific to an application called OpenSSL which is used to encrypt data between a web server and a web browser. It is designed to prevent anyone ‘listening’ to your online activity and has therefore been adopted by many leading organisations as part of their security measures to protect online customers, from Amazon to local web traders.

Last week it was identified that a security hole left in the application means sites have potentially been open to data theft (unfortunately the opposite of what should have been in place). It means that over time random data may have been collected and potentially decrypted to obtain useful information, such as passwords or bank details. Reports claim that this hole may have been there for up to two years; however, it is not clear if this is a deliberate attack, or if any malicious activity has even taken place. All we know is that there was a gap, and in many cases this has now been closed.

 

I’ve heard I should change my password – should I?

Most reports have been urging everyone to rush and change your online passwords.

This is partly true. However, it is very important to check that the affected site has been fixed before you do so; otherwise you may be exposing your newly created password to the same vulnerable system.

You can easily check which sites have been affected, and whether they are now fixed, at LastPass: https://lastpass.com/heartbleed/


Once LastPass have verified the site has been updated, you can then change your password to something new and robust.

Are Mirus Customers Protected?

Yes - The bug itself has only impacted Linux operating systems, which typically account for a small portion of business networks, if at all. All Mirus customers operating Linux (only 1%) will have already had their systems scanned and had the issue patched without noticing, with further instructions and alerts already posted through our support tickets.

 

If you have any questions or concerns you can contact Mirus on 0845 519 5055 or info@mirus-it.com.