Don't panic.
The media frenzy surrounding the Heartbleed Bug is in response to legitimate hackers finding a security breach and thanks in part to that same media frenzy, the exposed issues are being patched and handled in a very efficient and timely manner. Remember, this is not a VIRUS, it's a bug, a simple coding error in the open source encryption protocol used by many websites. It has not affected any Windows servers. And no it doesn't allow anyone to remote access into your smartphone.
Windows XP and Heartbleed - Not Related.
First, right on schedule, Microsoft stopped supporting Windows XP, which we discussed on this blog back in 2013. Windows XP and all Windows use SChannel not OpenSSL, so they are not susceptible to the Heartbleed drama. However, this is a good reminder that anyone still using Windows XP will no longer get further software updates.
Realistically, you can still run your Windows XP for a bit, but the Heartbleed bug makes it all feel like we are running around exposed. And well, you kind of are but not really related to the Windows XP support cease, although it does feel like they are related.
What is actually at risk because of the Heartbleed Bug?
Sites using Open SSL open source encryption versions 1.0.1 and 1.0.2 beta are at risk. If your password and sensitive information are stored in Yahoo!, Google, Facebook, Pinterest or a host of others, well then you might be at risk of being hacked.
How did it happen?
It’s a programming mistake that allows for leaks in sensitive information from any applications and services using OpenSSL. In normal circumstances, someting like this would be detected and fixed right away, however this one has been leaving exposed data vulnerable since December 2012. Another problem with this bug is that if your information was shared, you won’t know electronically, it will be after you’ve been exploited with some form of identity theft.
What sites are affected?
You can see a full list of affected sites here.
Or you can use this tool to see if a site has been affected and if a patch has been applied to fix the problem.
What do I do now?
Well, it's really up to the websites individually now. Once they create a patch, you should change your password. Let's consider it spring cleaning.
Now is a perfect time to change ALL your passwords, especially if it’s been a while or you tend to use the same password on multiple sites.
If you have any other questions about upgrading from Windows XP or how to avoid being attacked via the Heartbleed Bug, give us a call today.
