• Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that has been used in the blog.
  • Bloggers
    Bloggers Search for your favorite blogger from this site.
  • Team Blogs
    Team Blogs Find your favorite team blogs here.
  • Login

Heartbleed Bug - Don't Let It Bleed Your Business Dry!

Posted by on in Nsure Technology
  • Font size: Larger Smaller
  • Hits: 3890
  • 0 Comments
  • Print

Many of you will have heard about the Heartbleed Bug in the news.  Whilst this won’t affect every business (those that don’t use SSL servers – these are the ones that leave a padlock in the address bar of your web browser) it will affect many of the sites that you and your staff may visit on a daily basis.

 

In simple terms it is a vulnerability in the certificate used to ensure that a website that says it is secure actually is.  This in turn allows a potential spammer/scammer/attacker to “listen in” to your communications with a secure site and get your username and password at the very least. 

The idea is then that they create a spoof site and when you next visit they can get all your details, or use the stolen details to log into your accounts.

One very high profile site that has experienced an attack is Mumsnet, a forum and self-help site for mums.  In a statement to the BBC the site’s founder, Justine Roberts, said that it became apparent something was wrong when her own username and password were used to post a message on the site.

The hackers informed mumsnet that they had accessed security records and had username and passwords from all of it’s users.  Mumsnet have since updated the software and are forcing users to change their passwords.

Symantec, who are a very trusted security service, suggested the following:

  • Be aware their data could have been seen by a third party if they used a vulnerable service provider
  • Monitor any notices from the vendors you use. Once a vulnerable vendor has communicated to customers that they should change their passwords, users should do so

One VERY IMPORTANT thing to note:

 

Avoid potential phishing emails from attackers asking you to update your password – to avoid going to an impersonated website, stick with the official site domain. 

Also importantly is not to rush off and change all your passwords just yet.  Most websites will be patched over the next few days to week so wait until the weekend for big websites and next week for smaller ones.  Sites that WEREN’T affected include Amazon, Hotmail and Outlook, eBay, PayPal and Apple, Lloyds, HSBC, RBS, Natwest, Santander and the Co-Op.  Sites that WERE include gmail, YouTube, Yahoo – including Tumblr and Flickr, and Facebook.

I hope you have found this to be of interest,  but should you  require any further information visit https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AD831 or www.heartbleed.com which will give you a much more technical view on what’s happened.  This link also gives a good, non-techie, insight into what’s happened http://www.independent.co.uk/life-style/gadgets-and-tech/heartbleed-bug-should-i-change-my-passwords-9251143.html

As a technology insurance broker we are able to provide the broadest of insurance covers to cover your worldwide exposures such as this and provide one stop underwriting, this along with the expertise of the insurers we use makes the protection your business and its exposures that much easier and provides you with peace of mind.

For further information please visit our website www.nsuretechnology.co.uk or contact Geoff Stanbridge on 01903-608106 or email @ This email address is being protected from spambots. You need JavaScript enabled to view it.

Rate this blog entry:
0
Tagged in: Heart Bleed Heartbleed
Trackback URL for this blog entry.

EmmaWells has not set their biography yet

Comment disabled by author.