Heartbleed OpenSSL Security Flaw Affects 66%+ of Internet: What You Need To Know

Due to the severity of this vulnerability, we are informing all Petronella Technology Group, Inc. clients and encouraging you to check your server security status immediately and change your password on any sites referenced in the link below:

https://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

The security vulnerability nicknamed the "Heartbleed Bug" is the latest online threat that is making headlines everywhere. It is especially severe because it allows anyone on the Internet access to your encrypted data sent using SSL/TLS and HTTPS, technologies that are in use by millions of websites.

You have probably recognized this technology when you log in to your bank account and see the green lock beside the “HTTPS” in the address bar. The Heartbleed Bug compromises the secret keys used to encrypt the traffic, the names and passwords of the users, and the actual content. It allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users. Even more concerning, it allows remote access to the entire memory footprint of the server, meaning any data accessible or transmitted by any method is at risk of compromise.

It is hard to say if this vulnerability has been abused. This technology has been in a compromised state for nearly two years and more investigation must be done. You can find out more details of this vulnerability here: https://heartbleed.com

There are a few steps everyone should take to limit their risk of having their personal information attacked.

  • Use a password generator and manager such as Roboform Everywhere. DO NOT use the same password on multiple websites; that way, if there’s a breach, it’s easier to recover.
  • Change your passwords every few months. Seriously, this is the best way to protect yourself from identity theft. If websites offer additional security, like 2-step authorization such as getting a text message with a passcode before logging in, you should do that too.
  • Be suspicious of public WiFi networks. Be aware of where you are accessing the internet when you enter your personal information online. Starbucks networks and other networks do not provide you security when surfing the web. Use a VPN if you have one or wait until you are on your own personal network.
  • Don’t overreact. This vulnerability is a big deal for online security—trust us, we know that. However, making purchases on major websites like Amazon should be perfectly safe. They have certainly patched the problem.  Just remember to follow the above rules at all times.

If you have a server and you are afraid you could be vulnerable, you will need to check what version of OpenSSL is installed. All OpenSSL versions 1.0.1 through 1.0.1f are vulnerable, but the following versions are already secure (and no further action would be required):

  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable
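
One way to run that version check on a server, as an added example that is not part of the original advisory. The `heartbleed_status` function name and the sample outputs are constructed for illustration, and the `-DOPENSSL_NO_HEARTBEATS` check is an assumption taken from OpenSSL's own advisory rather than from this page.

```shell
#!/bin/sh
# Added example (not from the original advisory): classify `openssl version -a`
# output against the version ranges listed above.

# heartbleed_status TEXT -> prints VULNERABLE, MITIGATED, NOT_VULNERABLE or UNKNOWN
heartbleed_status() {
    # First line looks like "OpenSSL 1.0.1e-fips 11 Feb 2013"; a bare "1.0.1e" also works.
    first=$(printf '%s\n' "$1" | sed -n '1p')
    first=${first#OpenSSL }   # drop the product name if present
    ver=${first%% *}          # first word, e.g. "1.0.1e-fips"
    ver=${ver%%-*}            # drop build suffixes such as "-fips"

    case "$ver" in
        1.0.1|1.0.1[abcdef])
            # Assumption beyond the advisory: a build compiled with
            # -DOPENSSL_NO_HEARTBEATS has the heartbeat extension removed.
            case "$1" in
                *-DOPENSSL_NO_HEARTBEATS*) echo MITIGATED ;;
                *)                         echo VULNERABLE ;;
            esac ;;
        1.0.1[g-z]*)        echo NOT_VULNERABLE ;;  # 1.0.1g and later letters
        1.0.0|1.0.0[a-z]*)  echo NOT_VULNERABLE ;;  # 1.0.0 branch
        0.9.8|0.9.8[a-z]*)  echo NOT_VULNERABLE ;;  # 0.9.8 branch
        *)                  echo UNKNOWN ;;         # not covered by this advisory
    esac
}

# Constructed sample outputs, for illustration only.
SAMPLE_OLD='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Jan  7 12:00:00 UTC 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -O2'
SAMPLE_NOHB='OpenSSL 1.0.1f 6 Jan 2014
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O2'

# On a real server: heartbleed_status "$(openssl version -a)"
heartbleed_status "$SAMPLE_OLD"
heartbleed_status "$SAMPLE_NOHB"
heartbleed_status "OpenSSL 1.0.1g 7 Apr 2014"
```

Distribution packages often backport the fix without changing the version string, so confirm a VULNERABLE result against your vendor's security advisory before and after patching.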

If your server(s) are vulnerable, you will need to both (a) upgrade your version of OpenSSL; and (b) completely re-issue and re-install all your SSL certificate(s) in order to fix this vulnerability.

All Petronella Technology Group, Inc. Support Engineers have been advised of this issue and trained in the appropriate response procedure. If you would like our assistance to determine if your server(s) are indeed vulnerable, or to fix the vulnerability, please contact our support team using any of the normal methods. For fastest response, we recommend opening a Support Ticket with Petronella Technology Group, Inc. by emailing help@petronellacomputer.com.

Typically, our team can determine if your server is vulnerable with a time expenditure of 15 minutes. Vulnerable servers can typically be patched and SSL certificates replaced with an additional 30-45 minute time expenditure, but this may vary with certain configurations.

Petronella Technology Group, Inc. clients who have purchased a Managed Service Plan (Standard, Premium, or Platinum) will receive a separate notification if we find they are vulnerable, as management of these third-party security issues is included without incurring extra charges. You can find more details on our Managed Service Plans here: https://petronellatech.com/managed-it-support-services/

Thank you for your attention to this critical security issue.

Craig Petronella / President
Petronella Technology Group, Inc.