Minneapolis IT support company Tech Guru answers your questions about the CVE-2014-0160 vulnerability, also known as “Heartbleed.” See what you need to know about the threat that has made up to half a million trusted websites vulnerable to attack.
What is Heartbleed?
The “heartbeat” that normally draws sensitive information out of secure websites has been exploited to send fake heartbeat packets, thereby “bleeding” information. Attackers can get passwords, encryption keys, and other data over time, posing a severe security risk.
The vulnerability has existed for about two years but was largely unknown. Google discovered Heartbleed and notified vendors first, allowing them time to update security before informing the general public. Most, if not all, websites have already been patched.
Unaffected seems to be Microsoft IIS, because Heartbleed was using Open SSL (largely used by Linux).
What You Can Do
Even if you believe your exposure to the risk is nonexistent, it is recommended that you change all your passwords, as always choosing a complex combination of letters and numbers.
You can also use this site to check the security of a website you’re concerned about.
If you have more questions about Heartbleed or your IT security, please do not hesitate to contact Tech Guru.