This website uses cookies. Accept Cookies Find out more
Customer Login Register
Menu Menu

OpenSSL Heartbleed Security Vulnerability

11 Apr 2014 14:46 by Alexander John
Length:

There has been a lot of widespread attention to the Heartbleed vulnerabilty in OpenSSL. Unfortunately, some mainstream news outlets have over-simplified descriptions of Heartbleed that imply it is a pandemic vulnerability. It is not.

We are not impacted by the vulnerability as we do not use OpenSSL. All of our SSL services are delivered using Microsoft technologies that are not impacted by the OpenSSL vulnerability. Additionally, Microsoft has issued a statement stating that the implementation of SSL within Windows is not impacted either.

Although we are not directly impacted, we do recommend that our customers follow the general advice of changing their passwords of all online accounts. Many of our customers use the same username/password combination for all online accounts, and it would only take one of these online services to be exploited for their passwords to be potentially exposed.

That said, there is an argument against changing the password of an online account until that service has been patched or updated with a fix to Heartbleed. Otherwise, you might run this risk of either having to change the password twice, or even more worrying, your new password being potentially exposed.

There are a couple of online tools available to check whether a site is vulnerable to Heartbleed.

https://lastpass.com/heartbleed/

http://filippo.io/Heartbleed/

Caution: As some technical news sites have noted, using these test tools may be illegal under both UK and US law. Our advice is only to use them if you have permission and/or you are testing your own systems.

A final note: this vulnerability is not restricted to websites. OpenSSL is used in a multitude of applications from VPNs to firewalls to embedded systems. Even though its' existence has been known for 2 years, corrective patches and their installation may not occur immediately.

Changing your Calzada account password

If any customers wish to change their Calzada Media account password, this may be done through My Account. Click on the Account Security tab to access the change password facility.

Updated 19:05 11/04/2014

Additional note about legal implications of testing.

Author

Alexander John

Director, Alexander John (Calzada)
Nearly 20 years experience with all things IT, Internet & Web for companies small and large.
Microsoft Certified IT Professional (MCITP), MIET, MBCS
http://www.alexanderjohn.co.uk
Gravatar
The Road Ahead
News, updates and thoughts from Calzada Media

» Read blog

Recent Posts
Categories
 Loading ...
Our Products
Our Services
Contact Us
About Us

Report a problem with this page.

Valid XHTML 1.0 Transitional

Copyright © 2011 - 2024 Calzada Media Limited. All Rights Reserved