Security Announcement: Heartbleed

As you know, Innovative Concepts continuously monitors security holes in our and your servers and networks.  Recently, a new security vulnerability was discovered that was out of our control.  This particular bug has become known as “Heartbleed” and impacted most of the websites that we all use on a daily basis.

All Innovative Concepts servers and any websites that Innovative Concepts manages do not have the Heartbleed bug nor did they need to be updated to become protected from Heartbleed.

If you would like any assistance with this or any other technology concern, please contact Innovative Concepts anytime.

What Does Innovative Concepts Recommend?

First, realize how you are affected.

  • Anywhere that you login should utilize an SSL certificate for encryption (that little lock that appears in your web browser).
  • Anywhere you do anything financial must use an SSL certificate (if the lock does not appear, do not use it).

Second, realize your exposure.

  • If you have used an SSL secured website anytime in the last 2 years, you are potentially at risk.

Third, do something about it.

  • Before logging into any website, run a check to verify that it is currently protected from the Heartbleed bug.
  • If it does not pass
    • wait until it becomes safe.
  • If it does pass
    • login
    • immediately change your password.
  • As always, monitor your financial records for any erroneous activity.

What is Heartbleed?

Heartbleed affects the encryption technology designed to protect online accounts for email, instant messaging and e-commerce. It was discovered by a team of researchers from the Finnish security firm Codenomicon, along with a Google Inc. researcher who was working separately.

It’s unclear whether any information has been stolen as a result of Heartbleed, but security experts are particularly worried about the bug because it went undetected for more than two years.

How do I test a website?

The following tests check many different security components in addition to the Heartbleed vulnerability…

Test Site #1
Test Site #2

Want more information?

Official Heartbleed Website

  • An open source project was quickly created to document and disseminate as much information as humanly possible as quickly as internetly possible.
  • Official Heartbleed Site

USA Today

  • USA today created a very nice article that attempts to answer the most commonly asked questions about Heartbleed and provides a couple ways to proceed.
  • USA Today on Heartbleed

New York Daily News

  • The New York Daily News created this article that puts the Heartbleed bug in terms most can understand and attempts to answer why it is such a big deal.
  • NY Daily News on Heartbleed

Leave a Reply