From the BlogSubscribe Now

Thoughts on Heartbleed

This week we witnessed a media flurry as the world responded to the Heartbleed flaw that is described as plaguing 17% of SSL secured websites and various VPN products. While we have been talking to our customers over the last few days, we wanted to share our thoughts on Heartbleed.

What does it do?

The flaw leaks the contents of the memory from the server to the client and vice versa, potentially exposing passwords and other sensitive data and the SSL server’s private key. Not all SSL servers are public Internet-facing;  also at potential risk are internal intranet SSL servers that run internal applications. Left untreated, hackers could potentially crack email systems, security firewalls and possibly mobile phones through the flaw.

What should I do?

The best advice is to connect with your technology service provider and review your possible exposure. This would include conversations around your firewall and networking equipment, hosted websites that feature a login functionality (CMS, private areas, etc.), Linux servers, in-house web servers, VPN applications and other pieces of your technology that could be using OpenSSL.

What is Triware doing?

We’ve been working diligently throughout this week to ensure our managed network and web development clients are protected and, if required, necessary action has been taken. We have contacted many of our clients already, however if you have questions about your technology and the Heartbleed flaw please connect with your Triware representative.