Heartbleed Bug: What You Need to Know

Read this post to learn the crucial facts about the Heartbleed bug and how to identify whether you are at risk.

April 18, 2014 by Alex Collins, IT Services Consultant

The Heartbleed bug has impacted many businesses: an estimated two-thirds of web servers rely on OpenSSL to secure commercial and other sensitive transactions. Online Heartbleed checkers will tell you whether a site is vulnerable right now; they cannot tell you whether it was vulnerable in the past, or whether it was actually exploited. This post explains what the Heartbleed bug is, how to determine whether you have it, and why you need to act as soon as possible if you have been impacted.

What is the Heartbleed Bug?

The Heartbleed bug (CVE-2014-0160) is a major vulnerability in OpenSSL, the open-source cryptography library that most websites use to encrypt traffic and to prove the server's identity to visitors. The bug does not break the encryption itself. Instead, it lets anyone who can connect to a vulnerable server read chunks of that server's memory, up to 64 KB per request, without authenticating and, typically, without leaving a trace in the logs. That memory can contain whatever the server was recently working with: documents, emails, instant messages, VPN sessions, session cookies, passwords, and even the server's own private key.

Heartbleed is a coding error, not a flaw in the design of SSL/TLS. It lives in OpenSSL's implementation of the TLS heartbeat extension (RFC 6520), which is a keep-alive mechanism: one side sends a small heartbeat request containing some arbitrary data plus a length field saying how long that data is, and the other side must echo the same data back. The heartbeat is not used to verify identity; that is the job of the handshake and certificates. Its only purpose is to confirm that the peer is still there and responsive.

An attacker exploits the bug by sending a deliberately malformed heartbeat request: the length field claims a large payload (up to 64 KB), but only a few bytes are actually sent. Vulnerable versions of OpenSSL never compared the claimed length with the amount of data actually received, so the server copies the claimed number of bytes, starting at the attacker's tiny payload and continuing into whatever happens to sit next to it in memory, and sends the result back. Strictly speaking, this is a buffer over-read rather than a buffer overflow: nothing is overwritten; the server simply reveals memory it should not. Each request returns a different slice of memory, so attackers repeat it thousands of times until something valuable (a session cookie, a password, a private key) turns up.
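The over-read described above, as an added example that is not code from the original post or from OpenSSL itself: a simplified C model of OpenSSL's heartbeat handler, with a flag that switches between the original behaviour and the two length checks that OpenSSL 1.0.1g added. The record layout and the 16-byte padding follow RFC 6520; the attacker's record, the layout of "server memory" and the SECRET string are constructed for this demo and are assumptions, not data from the page.

```c
#include <stdio.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* minimum padding RFC 6520 requires; OpenSSL appends it */

/* 16-bit big-endian read/write, the job of OpenSSL's n2s/s2n macros. */
static unsigned int rd16(const unsigned char *p) { return ((unsigned int)p[0] << 8) | p[1]; }
static void wr16(unsigned int v, unsigned char *p) { p[0] = (unsigned char)(v >> 8); p[1] = (unsigned char)v; }

/* Simplified model of OpenSSL's tls1_process_heartbeat(). rec/rec_len is the
 * decrypted heartbeat record as received; out receives the response. Returns
 * the response length, or -1 if the request is rejected.
 *   fixed == 0: like 1.0.1 .. 1.0.1f. The payload length read from the
 *               attacker's own message is trusted, so memcpy reads past the
 *               end of the record into whatever is next in memory.
 *   fixed == 1: the two length checks introduced in 1.0.1g. */
static int process_heartbeat(int fixed, const unsigned char *rec, size_t rec_len,
                             unsigned char *out, size_t out_cap)
{
    const unsigned char *p = rec;
    if (fixed && 1 + 2 + HB_PADDING > rec_len)
        return -1;                        /* record cannot hold even a header */
    unsigned int hbtype = *p++;
    unsigned int payload = rd16(p);       /* attacker-controlled, up to 65535 */
    p += 2;
    if (fixed && 1 + 2 + payload + HB_PADDING > rec_len)
        return -1;                        /* claimed payload exceeds the record */
    const unsigned char *pl = p;
    if (hbtype != TLS1_HB_REQUEST)
        return -1;
    size_t need = 1 + 2 + (size_t)payload + HB_PADDING;
    if (need > out_cap)
        return -1;                        /* model only; OpenSSL mallocs exactly 'need' */
    unsigned char *bp = out;
    *bp++ = TLS1_HB_RESPONSE;
    wr16(payload, bp);
    bp += 2;
    memcpy(bp, pl, payload);              /* the over-read when payload > rec_len - 3 */
    bp += payload;
    memset(bp, 0, HB_PADDING);            /* OpenSSL fills this with random bytes */
    return (int)need;
}

/* Constructed demo data: a 5-byte attacker record (REQUEST, claimed payload
 * length 32, actual payload "hi") followed in memory by unrelated sensitive
 * data, as it might be in a reused heap chunk. */
#define RECORD_LEN 5
static const char SECRET[] = "SESSION=deadbeef; user=alice;";

/* Runs the model with or without the fix. Copies whatever the response carries
 * beyond the 2 bytes the client really sent into 'leaked' and returns that
 * byte count, or -1 if the request was rejected. */
int heartbleed_demo(int fixed, char *leaked, size_t leaked_cap)
{
    unsigned char memory[128] = {0};
    unsigned char resp[256];
    if (leaked_cap == 0)
        return -1;
    memory[0] = TLS1_HB_REQUEST;
    wr16(32, memory + 1);                 /* lie: claim a 32-byte payload */
    memory[3] = 'h';
    memory[4] = 'i';                      /* only 2 bytes are really there */
    memcpy(memory + RECORD_LEN, SECRET, sizeof SECRET);

    int n = process_heartbeat(fixed, memory, RECORD_LEN, resp, sizeof resp);
    if (n < 0) {
        leaked[0] = '\0';
        return -1;
    }
    unsigned int payload = rd16(resp + 1);
    size_t copied = 0;
    for (size_t i = 2; i < payload && copied + 1 < leaked_cap; i++)
        leaked[copied++] = (char)resp[3 + i];
    leaked[copied] = '\0';
    return (int)copied;
}

/* 1 if the vulnerable path hands back SECRET byte for byte. */
int vulnerable_leaks_secret(void)
{
    char leaked[64];
    return heartbleed_demo(0, leaked, sizeof leaked) == (int)sizeof SECRET
        && strcmp(leaked, SECRET) == 0;
}

/* A well-formed request (2-byte payload plus 16 bytes of padding) must still
 * be answered after the fix. Returns the response length, 21 either way. */
int heartbeat_wellformed(int fixed)
{
    unsigned char rec[1 + 2 + 2 + HB_PADDING] = {TLS1_HB_REQUEST, 0x00, 0x02, 'h', 'i'};
    unsigned char resp[64];
    return process_heartbeat(fixed, rec, sizeof rec, resp, sizeof resp);
}

int main(void)
{
    char leaked[64];
    int n = heartbleed_demo(0, leaked, sizeof leaked);
    printf("vulnerable: %d extra bytes leaked: \"%s\"\n", n, leaked);
    printf("fixed: request rejected (%d)\n", heartbleed_demo(1, leaked, sizeof leaked));
    printf("well-formed request after fix: %d-byte response\n", heartbeat_wellformed(1));
    return 0;
}
```

The first check in the fixed path is what makes the attacker's 5-byte record fail outright: a legitimate heartbeat must carry at least 16 bytes of padding, so anything shorter than 19 bytes is discarded before the length field is even read. The second check is the one that matters for a longer, padded record whose length field still lies.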

How to determine if you have been impacted…

It is important to understand that there is no certain way to determine whether your systems have already been exploited: a malicious heartbeat is not logged by default and leaves no trace on the server. Even if you are confident that nobody has attacked you, it is best to treat any system that ran a vulnerable version as potentially compromised and take precautions against Heartbleed.

The very first action item is a vulnerability scan. All major vulnerability-scanning vendors have released Heartbleed checks; update your scanner before you run it. Alongside the scan, check the OpenSSL version on each host: versions 1.0.1 through 1.0.1f (and the 1.0.2 beta releases) are affected, 1.0.1g fixes the bug, and the older 0.9.8 and 1.0.0 branches were never affected. Be aware that Linux distributions usually backport the fix without changing the version number, so a host reporting 1.0.1e may already be patched; confirm through the package changelog or an active heartbeat test rather than the version string alone. Internet-facing websites are the most exposed, but many other products link the same library: mail servers, VPN gateways, network appliances, and client software that connects to untrusted servers can all be affected. Even if an asset is not Internet-facing, scan it anyway, and contact your vendors about impacted products and their fixes.

What to do after you’ve detected the leak - or even if you haven’t…

Although many companies are now aware of the Heartbleed bug, its details are hard to follow, and many businesses cannot fix it without assistance. If your business operates a website, it is crucial to identify and patch every affected system, properly inform users, and take whatever follow-up steps are necessary.

Order matters here. Patch or upgrade OpenSSL on every affected system first; until that is done, any new password or key can be harvested just like the old one. Next, because the server's private key may have been read from memory, generate new key pairs, obtain new certificates for every Internet-facing service that ran a vulnerable OpenSSL, and revoke the old certificates (reissuing a certificate on the old key gains nothing). This is also the time to review the key sizes and signature algorithms on the replacement certificates. Only then should a company-wide password change be completed, together with invalidating existing sessions and any tokens those servers held. A password change made before patching gives no lasting protection, and none of this protects you from third-party sites that remain unpatched.

If you feel that your company may be at risk and you would like a vulnerability assessment, contact our experts at All Covered today for immediate assistance at 866-446-1133 or visit us at www.allcovered.com.

The All Covered Difference

All Covered is here to work with you to set up, configure and monitor your IT Security to prevent security risks like the Heartbleed Bug. Our goal is to protect your company’s data and to ensure you have the ability to recover from a disaster or data loss event quickly and effectively. Contact us today at (866)446-1133 for more information or to schedule a consultation.