Do you remember the Heartbleed vulnerability? It’s been known about for almost three years now, yet there are still nearly 200,000 systems that are vulnerable to it. Is yours one of them?
Heartbleed is a zero day vulnerability found in OpenSSL that allows hackers to read parts of a server’s memory, which can lead to data theft. At the time of its discovery, it was thought to be a vulnerability in up to two-thirds of servers worldwide.
Security flaws that exist in the wild are usually patched up pretty quick because once they become public knowledge, hackers move to take advantage of them. Since this one has been out so long, it’s one that should have been taken care of long ago, and yet it’s estimated that nearly 200,000 servers are still vulnerable to it. It’s especially troubling because the even the most sensitive data can be stolen through Heartbleed.
To make sure your server is safe from Heartbleed, make sure your version of OpenSLL is up to date. Once that’s done, create new private keys and get a new security certificate. If you’re not sure what that means or how to do that, give us a call.