HomeTestimonialsServicesSolutionsBusiness SoftwarePartnersEventsPartner LogineThinker

Business Services
Networking
Networking - Veeam
Network Security
Telephone Service - 3CX
Programming: Customization
Programming: SQL
Programming: Reports and VB

MicroComputer Resources, Inc.
Serving Fort Lauderdale, Miami, Broward County, Dade County, the Palm Beaches, South Florida, the United States, South America . . . and the world!

Phone 954-229-6088
Contact us



Service>NetworkSecurity>NetSecureHeartBleed

Network Security

Heartbleed: Three Years Later, Still a Risk

(We delivered the alert on the Heartbleed threat over three years ago. As of January 2017, nearly 200,000 servers and devices were still vulnerable. Read on.)

We've agonized so much about all the intentional mayhem done by hackers, that it's almost a relief that the latest big hole in our security was an honest-to-gosh mistake. A programmer fixing bugs in an encryption standard known as OpenSSL forgot to validate a variable for the length of data to be output. This enabled internet thieves to approach the vulnerable website with a jumbo-sized data scoop.

(The best explanation we've seen is a crude stick-figure cartoon published by webcomic xkcd. Check it out.)

The questions everyone's asking is: Am I affected? And what should I do?

The answer to the first is, probably yes. This bug has been sitting there for two years, and at the time it was discovered, and estimated half million web servers were vulnerable. Unless you live the life of the totally disconnected, there's a very good chance you've been on one of those sites. And if you were on the site, there is also a chance that your personal information, such as account number and password, was included in one of the illicit scoops.

What to do? The obvious is to change your passwords, which is something you should be periodically doing anyway. Also follow up by asking the website customer service if they've applied the Heartbleed fix that was released April 7, 2014. That will reassure you or at the very least light a fire under a web administrator's chair.

How not to get hooked in a Phishing expedition
Don't Become the Next Victim of Ransomware