
How Safe Are Your Servers From the Catastrophic Heartbleed Bug?
It’s all over the news.

On Monday, 7th April 2014, the Heartbleed bug was revealed by Google and a Finnish security firm, Codenomicon. It’s described as one of the biggest security holes the internet has ever seen. As well-known cryptologist Bruce Schneier puts it, “Catastrophic is the right word. On the scale of 1 to 10, this is 11.”

But what exactly is Heartbleed and what does it mean to your business?
 

What is the Heartbleed bug?

The Heartbleed bug is a serious vulnerability in the popular OpenSSL library version 1.0.1, introduced in March 2012. It allows hackers to read the memory of your servers, stealing important data such as usernames, passwords, credit card information and the secret keys to your SSL certificates. You can learn more about the bug from the official Heartbleed website.


Why is Heartbleed disastrous?

OpenSSL is a very popular library used by as many as two-thirds of web servers around the world. If you use open source web servers like Apache and nginx, then you’re already using OpenSSL. The loophole has been around since March 2012, and attacks leave no trace at all. That means your servers may have been compromised without you knowing it!


What should I do now?

If you think the problem can be solved by simply asking your customers to change their passwords, you’re wrong! First, you’ll have to update your servers with a secure version of OpenSSL. Then, you’ll have to revoke the compromised keys and reissue new ones. This is a tedious but necessary process, and the details depend on your SSL certificate provider. Only when you’ve completed these fundamental steps can your customers start to change their passwords.
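Before patching, it helps to know which servers fall in the affected range. The script below is an added example, not part of the original article: it classifies the output of `openssl version -a` against the upstream affected releases (1.0.1 through 1.0.1f and 1.0.2-beta1, fixed in 1.0.1g). The function name `heartbleed_status`, its status labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify `openssl version -a` output against the Heartbleed-affected range.
# heartbleed_status and its labels are hypothetical names for this example.

heartbleed_status() {
    # $1: full output of `openssl version -a`, or just its first line
    product=$(printf '%s\n' "$1" | awk 'NR==1 {print $1}')
    ver=$(printf '%s\n' "$1" | awk 'NR==1 {print $2}')
    # Other TLS libraries report different names; do not guess for them.
    [ "$product" = "OpenSSL" ] || { echo "unknown"; return; }
    case "$ver" in
        1.0.1|1.0.1[abcdef]|1.0.1[abcdef]-*|1.0.2-beta1)
            # A build compiled without the heartbeat extension is not exposed.
            if printf '%s\n' "$1" | grep -q -- '-DOPENSSL_NO_HEARTBEATS'; then
                echo "heartbeat-disabled"
            else
                # Distributions often backport the fix without changing this
                # string, so confirm against the package changelog.
                echo "affected-range"
            fi ;;
        1.0.1[a-z]*|1.0.2*|1.1.*|[3-9].*) echo "fixed" ;;
        0.9.*|1.0.0*) echo "never-affected" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample lines, so the script runs without OpenSSL installed.
for line in "OpenSSL 1.0.1e 11 Feb 2013" \
            "OpenSSL 1.0.1g 7 Apr 2014" \
            "OpenSSL 0.9.8y 5 Feb 2013"; do
    printf '%-30s -> %s\n' "$line" "$(heartbleed_status "$line")"
done
```

On a real host, call `heartbleed_status "$(openssl version -a)"`. An `affected-range` result on a distribution package is a prompt to check whether the vendor fix is installed, and services must be restarted after the update so they load the patched library.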

 

At Cxrus Solutions, we can help you review your code base to determine whether your servers are vulnerable to Heartbleed. If they are, we will help you quickly patch your servers and recover from the leak. Learn more about our Application Security service.

Your customers are the lifeblood of your business. Don’t lose their trust due to security issues like this. Protect your servers now and regain your customers’ confidence.