The “Heartbleed” SSL Security threat

Webetecture

Heartbleed Security ThreatThis week it has been announced that a vulnerability in particular versions of OpenSSL software, which is found on web servers, has been found, and internet users are being advised to change their passwords.

 

In this article we seek to provide a very high level explanation of the threat, and issue our response on how this affects Webetecture clients.

 

What is OpenSSL?

OpenSSL is a library used to encrypt the transmission of data between your computer and a web server, which, in the event of being hijacked, prevents any sensitive information being obtained.

The majority of websites which feature https:// before the URL, or a padlock to show encryption, will likely use OpenSSL to provide you this protection.

 

What is the threat?

A number of versions of the OpenSSL library contain a bug which allows hackers to obtain the security keys used to provide the encryption. With these keys, they could decrypt the messages and retrieve your sensitive information. Information such as email address and password combinations to log in to websites.

 

Is Webetecture Vulnerable?

No.

 

We would like to take the opportunity to reassure our past, present, and future clients that both our web server, which we use to host our clients websites, and our main website, webetecture.co.uk have been tested and are not prone to this vulnerability; we remain secure and strong.

 

Should I change my passwords?

It is advisable, yes.

 

The problem with this bug is that it was introduced in December 2011, and nobody really knows whether hackers have been aware of it or not, and if they were, for how long they have been collecting information.

 

More information:

http://heartbleed.com/

http://www.bbc.co.uk/news/technology-26954540

http://www.bbc.co.uk/news/technology-26935905

Subscribe