Petronella Blog Archive

Heartbleed

The "Heartbleed Bug" is an especially severe security issue because it allows anyone on the Internet access to your encrypted data sent using SSL/TLS and HTTPS technologies.

Due to the severity of this vulnerability, we are informing all Petronella Technology Group, Inc. clients and encouraging you to check your server security status immediately and change your password on any sites referenced in the link below:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

In order to prevent future attacks on your personal information you should follow these steps:

  • Use a password generator and manager such as Roboform Everywhere. DO NOT use the same password on multiple websites. This way, if there’s a breach, it’s easier to recover.
  • Change your passwords every few months. Seriously, this is the best way to protect yourself from identity theft. If websites offer additional security, like 2-step authorization such as getting a text message with a passcode before logging in, you should do that too.
  • Be suspicious of public WiFi networks. Be aware of where you are accessing the internet when you enter your personal information online. Starbucks networks and other public networks do not provide you with security when surfing the web. Use a VPN if you have one, or wait until you are on your own personal network.
  • Don’t overreact. This vulnerability is a big deal for online security—trust us, we know that. However, making purchases on major websites like Amazon should be perfectly safe. They have certainly patched the problem. Just remember to follow the above rules at all times.

If you have a server and you are afraid you could be vulnerable, you will need to check what version of OpenSSL is installed. All OpenSSL versions 1.0.1 through 1.0.1f are vulnerable, but the following versions are already secure (and no further action would be required):

  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable
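
One way to apply the version list above across several servers, as an added example that is not part of the original post. The function names, host names and inventory lines are constructed for illustration; anything outside the versions this post lists is reported as UNKNOWN rather than guessed.

```shell
#!/bin/sh
# Added example: classify OpenSSL version strings using only the list in this post.
# For the local binary: heartbleed_status "$(openssl version)"

# heartbleed_status VERSION_STRING
# Accepts `openssl version` output ("OpenSSL 1.0.1e 11 Feb 2013") or a bare version.
heartbleed_status() {
    v=$1
    case $v in OpenSSL\ *) v=${v#OpenSSL } ;; esac
    v=${v%% *}    # drop the build date
    v=${v%%-*}    # drop suffixes such as -fips
    case $v in
        1.0.1|1.0.1[a-f])  echo VULNERABLE ;;      # 1.0.1 through 1.0.1f
        1.0.1g)            echo NOT_VULNERABLE ;;
        1.0.0|1.0.0[a-z])  echo NOT_VULNERABLE ;;  # 1.0.0 branch
        0.9.8|0.9.8[a-z]|0.9.8[a-z][a-z]) echo NOT_VULNERABLE ;;  # 0.9.8 branch
        *)                 echo UNKNOWN ;;         # not covered by the post's list
    esac
}

# audit_inventory: reads "host version-string" lines on stdin, prints
# "host STATUS" for each, and returns 1 if any host is not NOT_VULNERABLE.
# Distribution packages can carry a backported fix under an unchanged version
# string, so confirm a VULNERABLE result against the vendor's advisory.
audit_inventory() {
    rc=0
    while read -r host verstr; do
        [ -n "$host" ] || continue
        status=$(heartbleed_status "$verstr")
        printf '%s %s\n' "$host" "$status"
        [ "$status" = NOT_VULNERABLE ] || rc=1
    done
    return $rc
}

# Constructed sample inventory (hypothetical hosts, not real data).
sample_inventory() {
cat <<'EOF'
web01 OpenSSL 1.0.1e 11 Feb 2013
web02 OpenSSL 1.0.1g 7 Apr 2014
db01 OpenSSL 0.9.8y 5 Feb 2013
lb01 OpenSSL 1.0.1e-fips 11 Feb 2013
EOF
}

sample_inventory | audit_inventory || echo "action needed on at least one host"
```
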

If your server(s) are vulnerable, in order to fix this vulnerability, you will need to both (a) upgrade your version of OpenSSL; and (b) completely re-issue and re-install all your SSL certificate(s).

If you would like Petronella Technology Group, Inc. Support Engineers to determine if your server(s) are indeed vulnerable, or to fix the vulnerability, please contact our support team using any of the normal methods. For fastest response, we recommend opening a Support Ticket by emailing help@petronellacomputer.com

Typically, our team can determine if your server is vulnerable with a time expenditure of 15 minutes. Vulnerable servers can typically be patched and SSL certificates replaced with an additional 30-45 minute time expenditure, but this may vary with certain configurations.

The Heartbleed security flaw compromises the secret keys used to encrypt the traffic, the names and passwords of the users and the actual content. It allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. Even more concerning, it allows remote access to the entire memory footprint of the server, meaning any data accessible or transmitted by any method is at risk of compromise.

You can find out more details of this vulnerability here: http://heartbleed.com

Petronella Technology Group, Inc. clients who have purchased a Managed Service Plan (Standard, Premium, or Platinum) will receive a separate notification if we find they are vulnerable, as management of these third-party security issues is covered without incurring extra charges. You can find more details on our Managed Service Plans here:

http://www.petronellacomputer.com/managed-it-support-services/

Thank you for your attention to this critical security issue.

Sincerely,

The Security Team at Petronella Technology Group, Inc.

5540 Centerview Dr., Suite 200, Raleigh, NC 27606

(919) 422-2607