A serious security flaw in a software library that a plethora of websites use to encrypt sensitive communications was detected last week. “Heartbleed,” as it’s named, can be found in OpenSSL, open source code that enables SSL and TLS encryption, both of which are used by a majority of websites to protect sensitive account information, usernames, passwords and the like.
Heartbleed was introduced on New Year’s Eve 2011-2012 but wasn’t noticed until last week. Because OpenSSL is an open source project, a community of programmers is constantly able to review the code and augment it accordingly. The flaw was uncovered by Google and Codenomicon employees.
Here’s how it works: Heartbleed exploits the “Heartbeat” function that is used to keep connections between two computers open. When working properly, one computer sends a random packet of data to a server. The server then receives the packet and sends back random data that is the same size as the initial packet just to confirm the connection. Heartbleed enables malicious computers to overstate the size of that initial packet, tricking the server into sending back more information than it received. That excess data can contain confidential information.
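How the length check looks from the server's side, as an added example in C (not code from OpenSSL or from this article): in the TLS heartbeat format defined by RFC 6520, the request carries a sender-declared payload length, and the handler below drops any request whose declared length does not fit in the bytes that actually arrived. The function name `hb_respond`, the sample records and the zero padding are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request message type (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response message type (RFC 6520) */
#define HB_MIN_PAD  16  /* minimum padding length required by RFC 6520 */

/* Constructed sample records: type, 2-byte claimed length, payload, zero padding. */
static const uint8_t HB_HONEST[1 + 2 + 4 + HB_MIN_PAD] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_LYING[1 + 2 + 4 + HB_MIN_PAD]  = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};

/* Hypothetical helper: writes the response for record `rec` (`rec_len` bytes
 * actually received) into `out`. Returns the response length, or 0 when the
 * request has to be dropped without a reply. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    /* Header and minimum padding must be present before any field is read. */
    if (rec_len < 1 + 2 + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return 0;

    /* Length the sender claims; untrusted until compared with rec_len. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: header + claimed payload + padding must fit inside
     * the bytes that arrived. An overstated length fails here. */
    size_t needed = 1 + 2 + claimed + HB_MIN_PAD;
    if (needed > rec_len || needed > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);         /* copies received bytes only */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);  /* zero padding for the demo; TLS uses random bytes */
    return needed;
}
```

The honest record (claimed length 4, 23 bytes received) gets a 23-byte response; the record that claims 16,384 bytes while carrying the same 23 is dropped.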
While many websites and servers were affected by Heartbleed, a great many have patched the flaw. It remains uncertain whether hackers were exploiting the flaw over the past two years.
If you’re a business owner, such news is certainly not something you look forward to hearing. Who knows what would happen to your business if your systems were compromised? Luckily, by enlisting a managed service provider to oversee your computing needs, such concerns can disappear overnight. Rather than having to worry about your systems, a team of professionals takes care of them for you.
If you’re looking for a managed service provider in Norwalk, CT, consider Apex Technology Services.