Heartbleed Vulnerability: What it is and how it affects you

What is Heartbleed?

art_heart-bleedIt is important to understand that Heartbleed is not a virus, but rather a mistake written into OpenSSL, a security standard encrypting communications method used by many online services. The mistake inside OpenSSL code makes it viable for hackers to extract data such as usernames, passwords or bank information, depending on the respective online services’ offering.

Was or is Artemis affected by Heartbleed?

No, Artemis has not utilized the OpenSSL. Artemis utilizes SSL certificates from other certificate authorities, such as Symantec or GoDaddy, not affected by this programming mistake. Any hosted services provided through Artemis are safe to navigate and utilize.

The widespread impact of the Heartbleed Security bug is unprecedented, and while your accounts remained secure we do recommend that you take the time to change your passwords across all the sites that you access online.

We also encourage you to maintain general security best practices including, regularly updating your passwords, using different passwords for each system you access, and always keeping your passwords confidential.
We recognize the seriousness of this threat and want to assure you that we are committed to protecting your data. We will continue to actively monitor and assess potential vulnerabilities across all our technology platforms.

What is OpenSSL?

SSL stands for Secure Sockets Layer and is the standard security technology for establishing an encrypted connection between two devices, i.e. browser and web server or smartphone and email server. This link ensures that all data passed between the web server and browsers remain private and integral. You can recognize a secure connection on the web address prefix of HTTPS instead of HTTP. “S” stands for secure.

OpenSSL is an open-source implementation of the SSL, a library that provides cryptographic functionality to applications such as secure web servers.

More Info >

Heartbleed’s engineer: It was an ‘accident’

Summary: The programmer responsible for code leading to Heartbleed says the flaw was accidental, despite its catastrophic consequences.

By Charlie Osborne for Zero Day | April 11, 2014

Heartbleed is an encryption flaw which affects OpenSSL’s 1.0.1 and the 1.0.2-beta release, 1.01 which is used widely across the web and in a number of popular web services. The flaw can theoretically be used to view apparently-secure communication across HTTPS, usually denoted by a small closed padlock in a browser’s address bar.

The data potentially at risk includes everything from passwords and encryption keys to financial details and personal identifiable information—allowing a hacker to dip in, swipe data, and leave no trace of their existence.

Read more >

Tags: , ,

Looking for solutions? Right this way!