Heartbleed bug: what does it mean for business owners?
The news first broke on tech web sites and has now reached regular news web sites. But what is the Heartbleed bug? How do you protect yourself and your business?
Heartbleed is a coding bug in the Heartbeat section of the Transport Layer Security (TLS) part of a web site. TLS passes secure information from the front end of a web site (such as a form or a login) to the back end of the web site, where it is processed. TLS is supposed to make all of that information secure from eavesdropping. The Heartbleed bug means that the secure information can actually be read by hackers without leaving a trace. It affects a widely used version of OpenSSL.
How widely used? The vulnerable version of OpenSSL is used in smartphones, web sites (particularly financial institutions), VPNs, mail servers, routers and modems, to name a few. In one article, an expert predicted it could take up to ten years to weed out the vulnerability because of the number of devices and web sites that use OpenSSL.
Impact on end users
What have end users been seeing as a result of this bug? As of this morning (April 9th), Revenue Canada has shut down the public part of their web site while they fix the problem. No online tax filing. The Ars Technica web site advised users to change their passwords after they patched the problem. We're going to see more web site outages and password resets. There will be a lot of patches issued for routers and modems.
Business owners should contact their web site hosts and web site programmers to see what their risk is.
Unfortunately, most of this is out of the control of the end users who are at risk. The people most at risk are those who use the same password for multiple sites. But almost everyone who uses the web on a daily basis is vulnerable.
More to come as the ramifications and patches appear in the next few weeks.