Heartbleed. What is it? How does it affect you? How can you prevent from attack?

10 years ago

Heartbleed sounds like some romantic teen novel title, doesn’t it?  But what it really is, can have a much larger impact and inconvenience you and those around you much greater than a horrible fictional story ending.

Heartbleed is a security bug in the open-source OpenSSL library, which has been used to implement the Internet’s TLS (Transport Layer Security) protocol.  This vulnerability is classified as a violation of memory safety.

A fixed version of OpenSSL was released earlier this month, the same time that Heartbleed was disclosed publically. When it was announced, around 500K of the Internet’s secure web servers were thought to be vulnerable to attacks, theft, retrieval of passwords and cookies.

Joseph Steinberg, a Forbes columnist said this, “"Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet.”

While many websites have corrected the bug and announced they were affected, prompted advice has been given to change passwords they use on websites.

We are happy to say that SquareHook wasn’t affected by Heartbleed.  But for safe measure, we reissued a new certificate.

Here are some recommendations we’ve found, and suggest to you to avoid the affects of Heartbleed.

• Avoid logging into accounts that have been affected-until you’re sure the company has resolved the security issues.
• Change your passwords for safe measure
• Keep a better eye on your financial statements for the next few weeks/months.

To check your site’s vulnerability, click HERE or HERE.