The Road Ahead
News, updates and thoughts from Calzada Media

OpenSSL Heartbleed Security Vulnerability

11 Apr 2014
 by Alexander John

The Heartbleed vulnerability in OpenSSL has received widespread attention. Unfortunately, some mainstream news outlets have over-simplified their descriptions of Heartbleed in ways that imply it is a pandemic vulnerability. It is not.

We are not impacted by the vulnerability as we do not use OpenSSL. All of our SSL services are delivered using Microsoft technologies that are not impacted by the OpenSSL vulnerability. Additionally, Microsoft has issued a statement confirming that the implementation of SSL within Windows is not impacted either.

Although we are not directly impacted, we do recommend that our customers follow the general advice of changing the passwords of all their online accounts. Many of our customers use the same username/password combination for all online accounts, and it would only take one of these online services to be exploited for their passwords to be potentially exposed.

That said, there is an argument against changing the password of an online account until that service has been patched or updated with a fix for Heartbleed. Otherwise, you might run the risk of either having to change the password twice or, even more worrying, your new password being potentially exposed.

There are a couple of online tools available to check whether a site is vulnerable to Heartbleed.

https://lastpass.com/heartbleed/

http://filippo.io/Heartbleed/

Caution: As some technical news sites have noted, using these test tools may be illegal under both UK and US law. Our advice is only to use them if you have permission and/or you are testing your own systems.

A final note: this vulnerability is not restricted to websites. OpenSSL is used in a multitude of applications, from VPNs to firewalls to embedded systems. Even though its existence has been known for 2 years, corrective patches and their installation may not occur immediately.

Changing your Calzada account password

If any customers wish to change their Calzada Media account password, this may be done through My Account. Click on the Account Security tab to access the change password facility.

Updated 19:05 11/04/2014

Additional note about legal implications of testing.
