The world was hit with the news this week that some versions of a common encryption component used to protect your “secure information” had a serious flaw that gave hackers room to steal private data.
The component, OpenSSL, is used to encrypt your private information as it passes over the Internet, effectively turning your emails, passwords, IM chats and private social media into an undecipherable web of nonsense to anyone else but you and the service on the other side.
The “HeartBleed” bug gives hackers the ability to extract some of that information from sites with the vulnerable version of OpenSSL.
According to Business Insider, developers behind OpenSSL had already fixed the issue before it was announced. Service providers and businesses will need to apply fixes to servers, a step most large providers have already taken.
But that doesn’t necessarily mean everyone is in the clear.
Security firm Codenomicon, whose researchers played a role in the bug’s discovery, is urging people to change their passwords. As a security best practice, Citon recommends using different passwords for different types of accounts to protect against this and many other types of attacks. Switch things up — it’s best not use the same password for Facebook and your online banking account.
(Customer systems covered by a Citon managed service agreement will be checked for HeartBleed vulnerability. Notification will be sent if any patching is needed and Citon will provide guidance on the potential impact.)
Have a few more questions for our IT team? We’re happy to help you out.