Why The Heartbleed Bug Doesn’t Have To Tank Your Online Identity

Media Division | January 18, 2017

Let’s talk about your company’s security. You know you should update security on a fairly consistent basis. But even then, just thinking about security makes you cringe.

You’re not alone. A lot of corporations feel the same way, and there’s a good reason behind it: you’ll never be 100% safe as long as you’re using the internet, because some information either about or created by you is stored somewhere. And this information is always at risk to major breakdowns in internet security.

The latest security threat is the Heartbleed Bug: a serious vulnerability in the OpenSSL Internet encryption protocol utilized by two-thirds of all websites on the internet. It has left the information of most internet users (surfing from smartphones, tablets, laptops, notebooks, desktops and other devices) vulnerable to hackers.

The bug allows anyone on the web to read the memory of the systems protected by vulnerable OpenSSL software versions. As a result, the secret keys used in identification of service providers and encryption of the traffic, usernames and passwords of the users and the content are comprised. This enables hackers to steal data directly from the users and services and to impersonate the victims, informs Heartbleed.com.

While most of the websites are believed to be affected by the bug, no one is certain about the extent of damage since the bug went undetected over the last two years. 17% of the world’s most secure websites were labeled as vulnerable to the bug at the time of disclosure, according to a Netcraft web survey.

Hackers can use the bug to send fake packets of data, which tricks a site into responding with the data stored in its RAM memory – including sensitive information such as credit card numbers, usernames, passwords, connected accounts, emails and more. The researchers who initially reported the loophole mention that hackers who exploit the bug can even reach business documents and instant messages.

How to mitigate the risk

OpenSSL software is utilized by servers that host websites so even if the Heartbleed bug exposes passwords and other sensitive data entered on your computers and BYOD devices, you can only mitigate the risk because the issue must be fixed by website operators. Mitigating the risk, however, could go a long way in protecting your digital identity. Here are some measures that will help:

Change your passwords

Even though major internet companies including Google, Facebook and Yahoo! Inc. have taken measures to mitigate the impact on their users, you should still consider changing passwords to be on the safe side. And by taking this action, you would also be changing the authorization tokens that might have been compromised as a result of the vulnerability.

GitHub has a list of 10,000 sites vulnerable to the Heartbleed bug, so if the sites frequently accessed within your company are present on the list, implementing a company-wide password change would be the recommended protocol. Also, you can use the real-time Heartbleed checker to keep tabs on vulnerable sites.

Monitor your digital identity

External cyber monitoring can perhaps be your most powerful weapon to combat threats like the Heartbleed bug. An advanced global threat intelligence system like Strixus would reach the darkest corners of the internet to detect an adversary’s intention.

This translates into your organization receiving proactive insights on adversary’s activities, allowing for the best course of action for neutralization and mitigation. Real-time cyber monitoring would also go a long way in protecting your reputation by intercepting security threats to your online identity before the public does.

Activate two-factor authentication

Even after you’ve reset passwords, a weak link could allow attackers to gain access to your accounts. But after you activate two-factor authentication, instead of just passwords, attackers using the Heartbleed vulnerability would also need to physical devices for successful access.

Several website operators already support two-factor authentication. While it would take more time to getting used to entering two passwords, using the option would have a significant impact on your corporation’s internet security.

Though your organization may have not been harmed by the Heartbleed bug, you should take extra precautions as researchers and website operations continue to fix the problem, which may have far-reaching complications than what has been reported so far.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.