The Heartbleed Bug
The Heartbleed Bug is a vulnerability in the popular OpenSSL cryptographic software library. This is the software that almost 60% of the internet will use to establish a secure communication between the server and the client. When you browse a website and you see the padlock sign, chances are it uses OpenSSL to establish this secure link. Windows Servers are generally unaffected by this issue, but other providers that use Linux (or OpenSSL specifically) will likely have had this vulnerability running for some time.
Whilst a lot of the big players in the cloud world are saying that they have now patched their systems and that users do not need to change their passwords, we are taking the stance that it doesn’t hurt to change your passwords on a regular basis and this is as good a time as any. Therefore this notice is to advise you to change your password for all internet-based services, irrespective of whether or not the site in question has stated they are now secure or were never vulnerable.
If you use services such as Google, Dropbox, AmazonWeb Services, Facebook, Tumblr, Yahoo/Yahoo Mail, etc. then our formal and professional advice is to take ten minutes out of your day to go through all websites and change your password.
Please be aware that we also expect to see a rise in Phishing (scam) emails pertaining to be from these various sites asking you to change your password byfollowing a link in the email. Please visit the site directly in your browser to change your password!
There is a more technical overview of the Heartbleed Bug online at www.heartbleed.com
If you have questions, give us a call (0131 510 0110) or send us an email ([email protected])