HomeTestimonialsServicesSolutionsBusiness SoftwarePartnersEventsPartner LogineThinker

Business Services
Networking - Veeam
Network Security
Telephone Service - 3CX
Programming: Customization
Programming: SQL
Programming: Reports and VB

MicroComputer Resources, Inc.
Serving Fort Lauderdale, Miami, Broward County, Dade County, the Palm Beaches, South Florida, the United States, South America . . . and the world!

Phone 954-229-6088
Contact us


Network Security

Heartbleed: Four Years Later, Less of a Risk

(These days, Heartbleed sounds like old news, and indeed, it is no longer a threat to systems that are updated and patched regularly. But there are still machines out there that keep chuggling along on the old code, while their owners figure, if it ain't broke, don't fix it. These are the ones that are still vulnerable. Read on.)

We've agonized so much about all the intentional mayhem done by hackers, that it's almost a relief that the latest big hole in our security was an honest-to-gosh mistake. A programmer fixing bugs in an encryption standard known as OpenSSL forgot to validate a variable for the length of data to be output. This enabled internet thieves to approach the vulnerable website with a jumbo-sized data scoop.

(The best explanation we've seen is a crude stick-figure cartoon published by webcomic xkcd. Check it out.)

The questions everyone's asking is: Am I affected? And what should I do?

The answer to the first is, probably yes. This bug has been sitting there for two years, and at the time it was discovered, and estimated half million web servers were vulnerable. Unless you live the life of the totally disconnected, there's a very good chance you've been on one of those sites. And if you were on the site, there is also a chance that your personal information, such as account number and password, was included in one of the illicit scoops.

What to do? The obvious is to change your passwords, which is something you should be periodically doing anyway. Also follow up by asking the website customer service if they've applied the Heartbleed fix that was released April 7, 2014. That will reassure you or at the very least light a fire under a web administrator's chair.

How not to get hooked in a Phishing expedition
Don't Become the Next Victim of Ransomware
Defining the Malware Kill Chain