The Heartbleed virus has been out in the wild for a little over two years now. So why all of the panic all of a sudden? Here’s what you need to know about the latest virus threat to hit mainstream media:
What is The Heartbleed Virus?
Heartbleed is a security bug, or programming error, in popular versions of OpenSSL, the software that encrypts and protects the privacy of your password, banking information and other sensitive data you type into a “secure” website such as Canada Revenue Agency or Yahoo Mail. Such websites can be identified by the little “lock” icon in your browser or the “s” at the end of “https” before the web address. The vulnerability allows “anyone on the internet” to read the memory of the system protected by the bug-affected code (or the server where the data is stored). That way, they can get the keys needed to decode and read the data.
Does this impact my business?
The Heartbleed virus is not a typical virus, but rather a vulnerability in software. Most small and medium businesses do not utilize OpenSSL. This vulnerability is impacting larger organizations, such as banks, hosting companies, email providers and government agencies. The biggest risk to anyone, including businesses, is the breach of personal data that could be held at these locations. Most of the organizations that are at risk are taking the proactive approach and patching the hole before data is stolen. They may release an official statement with further instructions, such as changing your password.
Are there any specific web services my business may use that have been impacted?
The technology website Mashable has compiled a list of popular sites that may have been impacted, and suggestions about whether you need to change your password.
Here are some other services that are not on the list and how they may be affected:
- Android: According to the Google blog on April 9, Heartbleed only affects Android 4.1.1, and patching information for Android 4.1.1 is being distributed to Android partners.
- Canadian banks: Late on April 9, the Canadian Bankers’ Association said there is no need for online banking customers to worry about their private information being stolen.
- Canada Revenue Agency: As of April 10, web services were still not available. The agency is expected to provide daily updates at 3 p.m. ET.
- Devices running VPN: Devices running the following software were affected: Cisco Systems Inc’s AnyConnect for iOS and Desktop Collaboration, Tor, OpenVPN and Viscosity from Spark Labs. The developers of those programs have either updated their software or published directions for users on how to mitigate potential attacks.
At Partek we have been proactive in reaching out to our clients that may be impacted by this, so if you have not heard from us, you have no reason for concern. As always though, if you have any concerns, please contact our office.