As you may have heard in the media, a software bug was recently uncovered in a piece of software that is used to secure many common websites. The bug coined Heartbleed has been present for a couple of years and potentially exposes your username and passwords for these sites. As a result many organizations are working to patch affected sites and servers.
How does this impact my business?
Over the past couple of days, we have reviewed all of our managed systems and networks to determine if and where this vulnerability may exist. We are happy to report that common servers like Microsoft Exchange, Microsoft SharePoint, and IBM Domino are not affected by this vulnerability. Additionally, those organizations that use SonicWall firewalls are not affected by the vulnerability. However, those organization that utilize Watchguard Firewalls are affected.
We are in the process of patching all firewalls with newly released firmware, installing new SSL certificates, and changing our firewall management passwords. This process will be completed overnight tonight (4/11/14). As a result, your office Internet connectivity may go down for up to 15 minutes after 9 PM. Organizations that have extended business hours will be patched after their normal close of business this evening.
How do I protect myself from the Heartbleed Bug?
The easiest way to protect yourself from this bug is to change your password for sites that were impacted by the bug and have since been patched. A list of the Top 100 websites and their Heartbleed Patch status can be found here. If you use a site that is not on the list, you may want to check its status by running it through one of the few Heartbleed site checkers on the internet. We have found this one easy to use with concise steps for you to take as a result of the checkers findings. It is also recommended that you keep an eye on your financial statements over the next week.
The following resources provide excellent information and are available for your review:
How to protect yourself from the ‘Heartbleed’ bug
Heartbleed bug: Check which sites have been patched
Heartbleed Site Test