By now, many of you have probably heard about the Heartbleed OpenSSL vulnerability discovered this week, a concerning back-door that has been present in the popular encryption library for the past two years. It allowed attackers to abuse the built-in “heartbeat” function, potentially gleaning username and password combinations and any other transmitted content. Immediately following public notification of this vulnerability, Kali Systems patched all servers running OpenSSL at our office and at client locations, and reissued all certificates.
Unfortunately, simply patching servers does not mitigate all of the risk associated with this vulnerability. Personal account information on various websites may already have been compromised. The following link shows an updated list of sites that were vulnerable and their current patch status:
Passwords on these websites should be changed immediately. If the same password is used for any other applications, especially those used for business, it should also be changed immediately. IT best practice recommends using a unique password for business applications, so that if your information is compromised on a personal web page, your business data is not put at risk.
Customers with mail servers should be on the lookout for suspicious activity in their email accounts. This may include receiving “bounced mail” notifications for emails you didn’t send, or replies from people you haven’t emailed. If you notice any suspicious activity, please call us so we can assist you with password changes. We are also monitoring your servers to ensure that no connections are being initiated from outside the USA.
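As an added illustration of the kind of server-side monitoring described above (example code written for this page, not Kali Systems' own tooling), the following Python script scans mail-server login records and reports accounts whose logins arrive from addresses outside an assumed set of domestic network prefixes. Everything in it is constructed: the Dovecot-style log lines, the `DOMESTIC_PREFIXES` list (a stand-in for a real geolocation database), and the function names. It also singles out accounts that logged in from both inside and outside that set, since a legitimate user and a stolen credential being used at the same time is the pattern most worth a phone call.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines in a Dovecot-like format (not taken from any real server).
# 203.0.113.0/24 and 192.0.2.0/24 are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
Apr 09 08:12:01 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.2, TLS
Apr 09 08:13:44 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.55, lip=198.51.100.2, TLS
Apr 09 08:15:09 mail dovecot: pop3-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.200, lip=198.51.100.2, TLS
Apr 09 08:17:02 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=203.0.113.40, lip=198.51.100.2, TLS
Apr 09 08:19:27 mail dovecot: imap-login: Login: user=<carol>, method=PLAIN, rip=203.0.113.41, lip=198.51.100.2, TLS
"""

# Assumed "in-country" prefixes. This is a hypothetical stand-in for a GeoIP lookup;
# a production check would query a geolocation database instead of a static list.
DOMESTIC_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Matches the user name and the remote IP ("rip=") of a successful login line.
LOGIN_RE = re.compile(r"Login: user=<(?P<user>[^>]+)>.*?rip=(?P<rip>[\d.]+)")


def parse_logins(log_text):
    """Return a list of (user, remote_ip) tuples, one per successful login line."""
    logins = []
    for line in log_text.splitlines():
        match = LOGIN_RE.search(line)
        if match:
            logins.append((match.group("user"), match.group("rip")))
    return logins


def is_domestic(ip_str):
    """True if the address falls inside one of the assumed domestic prefixes."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in DOMESTIC_PREFIXES)


def foreign_logins(log_text):
    """Map each user to the remote addresses they logged in from outside the domestic prefixes."""
    hits = defaultdict(list)
    for user, rip in parse_logins(log_text):
        if not is_domestic(rip):
            hits[user].append(rip)
    return dict(hits)


def suspicious_accounts(log_text):
    """Users seen logging in from both inside and outside the domestic prefixes.

    A single account active from two regions in the same log window is the
    strongest signal here that a credential has been reused by someone else.
    """
    seen = defaultdict(set)
    for user, rip in parse_logins(log_text):
        seen[user].add(is_domestic(rip))
    return sorted(user for user, regions in seen.items() if regions == {True, False})


if __name__ == "__main__":
    for user, ips in foreign_logins(SAMPLE_LOG).items():
        print(f"{user}: foreign logins from {', '.join(ips)}")
    print("accounts to follow up:", suspicious_accounts(SAMPLE_LOG))
```

On the constructed sample, `bob` shows only foreign logins (which could be a travelling user), while `alice` appears from both ranges and is the account that warrants a password change first.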
Please do not hesitate to contact us via phone or email if you have any questions or concerns. We consider the security of our clients to be of the highest priority, and are available if you or any other staff need help addressing this issue.