HeartBleed and Zero Day Bug – UPDATE!

HeartBleed and Zero Day Bug

Heartbleed

Well, we are certain that you have heard of the HeartBleed issue and you have probably heard about the Zero Day bug, however that one you may only know as “Homeland Security warns not to use Internet Explorer for your web browsing.

Now on the homeland security website, it seems as if Google may have funded the new page as Google Chrome is the recommended browser.  Fortunately, we completely agree.  Google has an open invitation to hackers, to try to break the security built into chrome.  The browser has been around for almost 10 years, and it has yet to have a single security flaw.  There is a problem with internet explorer and flash.  If you have the Flash Plugin installed in IE, there is a vulnerability that can allow people to install malware on your computer by simply taking advantage of the flaw in the code.

A great deal of our customers however are required to use internet explorer with some applications and portal sites.  We believe that if you continue to use IE for only these specific uses.  For any other work you do online please use either Chrome or Firefox.  We do not recommend Safari, even if you have a mac download and install chrome or firefox.  Opera also is not one we recommend, while it is secure, it is also very feature poor, and a great deal of websites will not function properly.

Now onto HeartBleed.  This one is quite a bit more serious.  This flaw is not with any browser, but with something called open SSL.  SSL stands for secure socket layer, I know more geeky mumbo jumbo.  It is however very important.  SSL is the security layer that websites, servers, basically anything that communicates on the internet, that keeps you safe.

You can purchase SSL certificates from a number of sources.  Most domain hosts will also sell SSL certificates, which allow you to prove to everyone that you are secure.  Each domain host will have a price for these certificates.  Open SSL is  different animal, it is open source, which means that its base code is free and can be downloaded by anyone.  This means that you can get a much less expensive (if not free) SSL certificate.  Open SSL is the most common SSL certificate on the web because of cost.

Recently however there has been a flaw in open SSL.  This flaw allows hackers to get into the back end database of the website, where all of your personal information is stored.  Emails, passwords, credit cards etc.  This is why you need to verify that any website you access has resolved their vulnerability before you log in.  It also would be a GREAT time to update every password you have on the web.  This is a big IT support topic right now and SOS Support is here to help with any questions or concerns you might have.

***There has been an  update in this status!  Microsoft has patched this vulnerability.  PLEASE RUN YOUR WINDOWS UPDATES IMMEDIATELY.

https://technet.microsoft.com/en-us/library/security/ms14-may.aspx

 

ndr