Heartbleed: Security Update

By Scott Barkman on April 16, 2014

Heartbleed: Security Update

On April 7th, a security vulnerability was unveiled that affected a large portion of the internet. Ironically, the bug was found in an extremely popular piece of software, OpenSSL, which is designed to make the internet safer. Although the bug has been present for 2 years, a fix was already available the moment the vulnerability was announced. We at Lift have already taken the necessary steps to ensure our servers are running this patched version of OpenSSL.

What is Heartbleed?

Heartbleed came down to a simple coding error inside an OpenSSL plugin called heartbeat. It is not a virus and was not put there by hackers. Despite the grave security implications, this did not unwillingly leak information on its own. However, this bug could allow skilled attackers to access information that should have been private, including private keys, which is like getting the key to a bank secure lock box.

What should I do about it?

There are tools available to check whether or not the popular sites you visit have patched their servers yet or not. It is highly recommended that you change your password on any site that may be affected. If any site sends out a message, or displays an alert that prompts you to change your password, change it — even if you have done so recently! New information on affected systems is being discovered constantly.

Heartbleed will likely go down as one of the worst security vulnerabilities the internet has seen, though this is partly due to clever marketing and one scary looking logo. But you can limit the damage caused by Heartbleed (and the bugs that will follow) by taking password reset prompts seriously, not reusing passwords and not using the same password on a site for too long.

We hope that this rather large security problem will prompt users to take their passwords and security more seriously.

Scott Barkman

Senior Developer

Want to grow with digital?