'Heartbleed' Hack Exposes Confidential Information
Private Customer Information at Risk
We have had a lot of questions about the much-publicized Heartbleed vulnerability, so I wanted to publish a recap.
Here is how you may be exposed:
- Most Windows systems are not affected.
- If you are currently under a maintenance plan with us, we have already taken steps to address any affected systems that are under plan.
- Some very commonly used providers of free services (Google, Yahoo, Netflix, Facebook, Dropbox, etc.) were also affected by Heartbleed. We are encouraging all of our customers to reset their passwords on all of the public systems they use. (Let’s face it, it’s probably time for you to do this anyway, and please choose a strong password when you make the change.)
- Password best practices (I know you might not follow all of these recommendations, but please take a minute to read them and do what works for you.)
  a. 12 (or more) characters is recommended for strong passwords. You can test your password strength here: https://howsecureismypassword.net/
  b. The best passwords are seemingly completely random. They are also the hardest to remember. P@ssw0rd is NOT very strong, whereas 1Wf$00ifdE3 would take 4000 years to crack with an average computer. And the good news is, if you use a password that is this strong, you can safely keep it for a long time without changing it unless there is a breach.
  c. Use a different password for every site! (I know you're saying that’s crazy.) The truth is, it is more likely that a service you use will be hacked than that you will be hacked. Your password could leak even though your personal security is good. Using a different password for every site ensures that a breach will be limited to the system that is breached.
Here is the information I think is important for all of us to understand, and why we need to take our electronic security very seriously.
- Heartbleed has been around for a very long time… undetected.
- An exploit kit was made available to anyone who wanted to buy it. These types of exploit kits typically sell for $20-$100.
- If this exploit is used against you, the attack is very difficult to detect.
This may sound self-serving, but this incident highlights the importance of proper IT asset management. Technology management is about ensuring security, proper functionality, and good availability of resources. Every business owner is the ultimate manager of their technology assets, but few are aware of all the important items that need to be managed. We have sophisticated systems for managing technology and are passionate about getting it right. If you are not on a technology management plan and would like to be, please call or email: 800.942.4043
Image Credit: Heartbleed.com