Jeff Cutler's Keys to Security

Apr 10 2014   12:09AM GMT

Heartbleed – All Your Sites Are Unsafe

Jeff Cutler Jeff Cutler Profile: Jeff Cutler

It’s finally happened. No need to be running Windows XP. No need to be running around leaving your credit card receipts on the ground outside 7-Eleven stores. No need to leave the keys in your car ignition. Now, it’s just enough for you to be a member on one of these sites – list courtesy of GitHub. The Heartbleed bug might have already bitten you!

Courtesy of Flickr - Creative Commons from https://www.flickr.com/photos/jassen/2489763818/

Courtesy of Flickr – Creative Commons from https://www.flickr.com/photos/jassen/2489763818/

So, what’s a smart IT person to do? You should move quickly and calmly toward seeing if your sites and activity are vulnerable. Be aware that the situation has been the same for two years and people are just catching on to it now. Then you should get your whole team in a room and explain the issue to them.

Then, once people understand the gravity of the situation you should have them start changing passwords where necessary.

In fact, according to a great piece on Business Insider – here’s how to protect yourself once you find out you’re affect. And you ARE affected. We all are. Sites like Yahoo, FitBit, Slate and Eventbrite are on the list, so get going and fix your passwords.

Screen Shot 2014-04-09 at 8.07.18 PM

How can something like this happen? You tell me. Aren’t we all using double verification for sign-in? Aren’t we all changing email addresses and passwords for each site we access? Aren’t we using crypto keys that change every 20 seconds for access to company VPNs?

Um, no. I don’t think we are. And why not? Isn’t this wake-up call just one more in a long line of breaches that should wake up the entire IT industry? I would say so. And I’d say, get going. Share this blog post and then go change your passwords.

We’ll talk again next week.

4  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Michael Tidmarsh
    It's amazing this bug went unnoticed for two years! I think that's the most troubling issue in this whole story.
    28,665 pointsBadges:
    report
  • Jeff Cutler
    Seriously! Two years of this. My only hope - though my password purge and change is underway - is that they had the access, but didn't get to the point of using it in any widespread way. Maybe just the repeated hacks of AOL and Yahoo were as much as they did.

    Thanks for writing Michael!
    225 pointsBadges:
    report
  • Wolfgang Dietl
    Interestingly it seems not to affect Microsoft Azure.
    100 pointsBadges:
    report
  • Jeff Cutler
    Wolfgang, That's so odd. Not that I have an axe to grind about MSFT, but their products are so prevalent that it's odd when vulnerabilities DON'T show up in their products. Good catch. Thanks for reading. Jeff
    225 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: