URGENT: Change your passwords

The security of your systems and communication, especially those that use the Internet, should be paramount for any business. Over the past few weeks a massive new security flaw has been uncovered. This flaw, codenamed Heartbleed, could potentially expose all the vital data and communications that flow between your computer and websites online. All businesses and Internet users should be aware of Heartbleed so that they can take steps to stay safe.

Background info about secure transmission of information on the Web

Most sites on the Internet rely on Secure Sockets Layer (SSL) technology to ensure that information is transmitted securely from a computer to a server. SSL and the slightly older Transport Layer Security (TLS) are the main technologies used to verify that the site you are trying to access is indeed that site, and not a fake one which could contain malware or any other form of security threat. They essentially ensure that the keys needed to confirm that a site is legitimate, and to secure communication, can be exchanged securely.

You can tell sites are using SSL/TLS by looking at the URL bar of your browser. If there is a padlock or HTTPS:// before the Web address, the site is likely using SSL or TLS verifications to help ensure that the site is legitimate and communication will be secure. These technologies work well and are an essential part of the modern Internet. The problem is not actually with this technology but with a software library called OpenSSL. This breach is called Heartbleed, and has apparently been open for a number of years now.

About Heartbleed

OpenSSL is an open-source version of SSL and TLS. This means that anyone can use it to gain SSL/TLS encryption for their site, and indeed a rather large percentage of sites on the Internet use this software library. The problem is, there was a small software glitch that can be exploited. This glitch is Heartbleed.

Heartbleed is a bug/glitch that allows anyone on the Internet to access and read the memory of systems that are using certain versions of OpenSSL software. People who choose to exploit the bugs in the specific versions of OpenSSL can actually access or ‘grab’ bits of data that should be secured. This data is often related to the ‘handshake’ or key that is used to encrypt data which can then be observed and copied, allowing others to see what should be secure information.
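
To make the memory-reading flaw concrete, here is a simplified model added as an illustration (it is not OpenSSL's code and not part of the original article). Heartbleed sat in the handling of TLS "heartbeat" messages, where the server echoed back as many bytes as the sender claimed to have sent without checking that claim against what actually arrived. The struct, function names and sample strings below are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define ARENA_SIZE 64

/* Constructed stand-in for server process memory: the request payload
 * lands at offset 0 and unrelated secret data sits right after it. */
struct arena {
    char bytes[ARENA_SIZE];
    size_t payload_len;              /* bytes the client actually sent */
};

/* Caller keeps strlen(payload) + strlen(secret) below ARENA_SIZE. */
void arena_init(struct arena *a, const char *payload, const char *secret)
{
    memset(a->bytes, 0, ARENA_SIZE);
    a->payload_len = strlen(payload);
    memcpy(a->bytes, payload, a->payload_len);
    memcpy(a->bytes + a->payload_len, secret, strlen(secret));
}

/* Flawed pattern: echo back as many bytes as the client CLAIMS it sent.
 * Returns the number of bytes written to reply. */
size_t echo_trusting(const struct arena *a, size_t claimed_len, char *reply)
{
    if (claimed_len > ARENA_SIZE)    /* keeps this demo inside the array */
        claimed_len = ARENA_SIZE;
    memcpy(reply, a->bytes, claimed_len);
    return claimed_len;
}

/* Corrected pattern: compare the claim with what actually arrived and
 * drop the request when the claim is larger. */
size_t echo_checked(const struct arena *a, size_t claimed_len, char *reply)
{
    if (claimed_len > a->payload_len)
        return 0;
    memcpy(reply, a->bytes, claimed_len);
    return claimed_len;
}

int main(void)
{
    struct arena a;
    char reply[ARENA_SIZE + 1] = {0};
    arena_init(&a, "hello", "password=hunter2");   /* constructed data */
    size_t n = echo_trusting(&a, 21, reply);
    printf("trusting: %zu bytes: %.*s\n", n, (int)n, reply);
    printf("checked:  %zu bytes\n", echo_checked(&a, 21, reply));
    return 0;
}
```

The trusting handler returns the five-byte payload plus the adjacent secret, while the checked handler returns nothing for the same request; the fix is a single length comparison.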

The problem with Heartbleed

There are two major problems with this bug. The first is that if an attacker can uncover the SSL handshake used by your computer and the server that hosts the site when you log in or transmit data, they will be able to see this information. This information is usually made up of your login name, password, text messages, content and even your credit card numbers. In other words, anything that gets transmitted to the site using that version of SSL can be viewed.

Scary, right? Well, the second problem is much, much bigger. The hacker won’t only be able to see the data you transmit, but also how the site receiving it employs the SSL code. If a hacker sees this, they can copy it and use it to create spoof sites that use the same handshake code, tricking your browser into thinking the site is legitimate. These sites could be made to look exactly the same as the legitimate site, but may contain malware or even data capture software. It’s kind of like a criminal getting the key to your house instead of breaking the window.

But wait, it gets worse. This bug has been present in certain versions of OpenSSL for almost two years, which means the sites that have been using those versions of OpenSSL may have exposed your data and communication. And any attacks that were carried out can’t usually be traced.

Am I affected by this?

What makes this so different from other security glitches is that OpenSSL is used by a large percentage of websites. What this means is that you are likely affected. In fact, a report published by Netcraft cited that 66% of active sites on the Internet used OpenSSL. This software is also used to secure chat systems, Virtual Private Networks, and even some email servers.

We have to make it clear here, however: just because OpenSSL is used by a vast percentage of the Internet, it doesn’t mean every site is affected by the glitch.

The latest versions of OpenSSL have already patched this issue and any website using these versions will still be secure. The version with Heartbleed came out in 2011. The issue is that while sites may not be using the 2011 version now, they likely did in the past, meaning your data could have been at risk. On the other hand, there are still a wide number of sites using this version of OpenSSL.

What should I do?

This is a big issue, regardless of whether a website uses this version of OpenSSL or not. The absolute first thing you should do is go and change your passwords for everything. When we say everything, we mean everything. Make the passwords as different as possible from the old ones and ensure that they are strong.

It can be hard to tell whether your data or communications were or are actually exposed or not, but it is safe to assume that at some time or another they were. Changing your passwords should be the first step to ensuring that you are secure and that the SSL/TLS transmissions are secure.

Another thing you should be aware of is which sites are actually using this version of OpenSSL. According to articles on the Web, some of the most popular sites have used the version with the bug, or are, as of the writing of this article, using it. Here are some of the most popular:

  • Facebook
  • Google
  • Gmail
  • Yahoo
  • Yahoo Mail
  • Instagram
  • Pinterest
  • Amazon Web Services
  • GoDaddy
  • Intuit

It would be a good idea to visit the blogs of each service to see whether they have updated to a new version of OpenSSL. As of the writing of this article, most had actually done so but some were still looking into upgrading. For a full list of sites, check out this Mashable article.

If you have a website that uses SSL/TLS and OpenSSL you should update it to the latest version ASAP. This isn’t a large update but it needs to be done properly, so it is best to contact an IT partner like us who can help ensure the upgrade goes smoothly and that all communication is in fact secure.

Contact us today to see how we can help ensure that your company is secure.



20 Common Web design terms

Pretty much every profession has its own language or set of terms that those working in that field quickly master and use on an everyday level with colleagues. However, this can pose problems for those people not involved directly with a specific industry. For example, it can be a challenge for business owners to effectively communicate with Web designers and developers. To make things easier, it can be useful to know some of the more common Web design terms.




What does Windows 8.1 update offer?

Windows is the most popular operating system used on desktop computers. It is now also used on mobile devices; the latest operating system, Windows 8.1, supports PCs and tablets. This OS was made available last year, following on from the introduction of Windows 8 in 2012, which introduced a whole new look, feel and usability to Windows. In early April Microsoft released Windows 8.1.1, or Windows 8.1 Update 1, the first update to Windows 8.1.




Visual tools for social media

Business customers can be largely visual creatures, judging a company by how it looks. When it comes to social media campaigns, if the content of your business posts is not visually appealing you may find it hard to engage your clients. The question is, what tools can you use to create visual content, especially if you aren’t a Photoshop expert or graphic designer?




Office is now available on Android

The release of Office on mobile devices allows users to view and edit their files while on the go. Office Mobile 2013, the latest version of the mobile suite, was recently updated for the Android platform. However, prior to the update a subscription to Office 365 was needed in order to use it. This is no longer the case and you can now use Office on your Android device for free.



