You may or may not have heard of something which has been hitting the technology news this month – called the Heartbleed Bug. This is a bug relates to something called OpenSSL, which is used on some secure websites and networking devices (such as routers) which use a secure connection to encrypt the data transmitted between computers and servers. You can normally tell when you’re on a secure website as there is a padlock in the address bar, in the top left of the web browser. Some examples of secure websites are Google Mail and Facebook. The bug which has been found, means that data transmitted, such as usernames, passwords etc. could have been exposed, if someone was monitoring the traffic using the bug.
The immediate advice was to change your password for any secure websites you use, however if the website in question hasn’t yet implemented a fix for the bug, you could expose both your old password and your new password. Some examples of secure websites from some of the big providers are Google, Facebook, Dropbox, Tumblr and Yahoo. You should change your password for these websites as they have already implemented fixes.
It’s advisable to change your password for any secure websites you use, but only once you know that the website in question has been fixed.
If you want to check if the website you would like to change your password for has been fixed, use this website created by developer Fillippo Valorda where you can enter the website address to see if it has been fixed.
Remember this bug affects secure websites (the ones with the padlock in the web browser) – so if you’re a business testing your own ‘brochure’ website using the link above – it will probably tell you something went wrong as your not using a secure website, which is normal for ‘brochure’ style websites.
It has also been found to affect some routers and networking devices, as they might be running OpenSSL and therefore be exposed to the same bug, meaning there is a possibility of data being captured from them.
At the time of writing, from various online sources (including the BBC), it has been highlighted that the affected devices known at this stage are from these manufacturers – Cisco, Linksys, Juniper Networks, Fortinet, Red Hat and Watchguard Technologies.
If you run a device from one of the above listed manufacturers, it is advisable to get in contact with your supplier or directly with the manufacturer to see if they have released a fix which can be applied to your device. Alternatively you could consider switching your device with one from another manufacturer to minimise the potential risk to your business.
The long term issues raised by this bug are still unknown at this stage, and we’ll continue to update this article as we learn more.
If any doubt, please ask us for advice and we’ll be happy to help. The usual contact number is the best way to get hold of us – 01527 908646