Heartbleed Bug: What you need to know


Heartbleed Bug: Flaw in OpenSSL versions 1.0.1 through 1.0.1f and 1.0.2-beta1

On April 7, 2014, security researchers revealed the Heartbleed bug to the Internet community. The Heartbleed bug is not a flaw in the SSL or TLS protocols; rather, it is a flaw in the OpenSSL implementation of the TLS/DTLS heartbeat functionality. This flaw allows hackers access to data that should be protected by SSL and TLS protocols like usernames, passwords, emails and instant messages, credit card information, and more.

Check out this xkcd illustration for an easy to understand explanation of the Heartbleed exploit.

Running a website?
Customers running websites can use https://www.ssllabs.com/ssltest/ to test their site to see if it is vulnerable. If it is, you will have to patch your system and get a new certificate issued.

Worried about visiting websites with a vulnerability?
By this time, most websites with issues should be fixed, but customers concerned with this should be encouraged to change passwords, not reuse passwords, and keep a close eye on any critical accounts.

Hardware vulnerabilities?
Customers that are worried about vulnerabilities in their hardware can check device manufacturers websites for firmware updates. If a firmware update is available, do not hesitate to update it. Note that when you update your routers firmware you may need to reconfigure your router, including port forwarding settings etc.

The No-IP website and services were not affected or vulnerable to the Heartbleed bug.

Have questions, comments or concerns? Leave them in the comments.