At CTI Digital, we were keen to make sure that the Heartbleed bug did not affect any of our clients.
"The CTI Digital Systems team was made aware of the problem of the Heartbleed vulnerability early on Tuesday, the 8th of April. The updated OpenSSL package was released late in the evening the night before and in the early morning hours our systems automatically updated their OpenSSL packages to the latest, patched versions. We restarted all services that use OpenSSL (mostly nginx and Apache). Further testing was done to ensure that the vulnerability did not exist on any of our hosted machines."
- Tom Murphy, Systems Administrator.
How does the Heartbleed Bug operate?
The server can be asked to respond to a request under specific criteria, and it will do so. E.g. ‘Server, are you still there? If so, reply with bird (4 letters)’ and the server will respond accordingly with ‘bird’. However, if you use the same process and ask the server, ‘Server, are you still there? If so, reply with hat (500 letters)’, the server will respond with ‘hat’, but also another 497 letters that could potentially be users’ private and personal information.
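The ‘hat (500 letters)’ case above, reduced to a self-contained C simulation that sets the unchecked reply logic beside the bounds check that stops it. This is an added example, not OpenSSL's code or anything from CTI Digital: the function names, the sim_memory buffer and the secret string are constructed for illustration, and the record layout (type, 2-byte length, payload, 16 bytes of padding) follows RFC 6520.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1
#define HB_PADDING 16   /* RFC 6520: a heartbeat carries at least 16 padding bytes */
/* Constructed stand-in for server memory: the received record sits at the
   start, and unrelated data (a made-up secret) lies directly after it. */
static uint8_t sim_memory[1024];
static const char SECRET[] = "user=alice;password=constructed-example";

/* Lays out type | claimed length | payload | padding; returns the real record length. */
size_t build_record(const char *payload, uint16_t claimed_len) {
    size_t n = strlen(payload), rec_len = 3 + n + HB_PADDING;
    memset(sim_memory, 0, sizeof sim_memory);
    sim_memory[0] = HB_REQUEST;
    sim_memory[1] = (uint8_t)(claimed_len >> 8);
    sim_memory[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(sim_memory + 3, payload, n);
    memcpy(sim_memory + rec_len, SECRET, sizeof SECRET);
    return rec_len;
}

/* Flawed logic: echoes as many bytes as the sender claimed. Returns bytes echoed. */
size_t reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < 3 || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap) return 0;
    memcpy(out, rec + 3, claimed);   /* claimed is never compared with rec_len */
    return claimed;
}

/* Corrected logic: silently discard a record too short to hold what it claims. */
size_t reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap) {
    if (rec_len < 3 + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (3 + claimed + HB_PADDING > rec_len || claimed > cap) return 0;
    memcpy(out, rec + 3, claimed);
    return claimed;
}

int main(void) {
    uint8_t out[1024];
    size_t rec_len = build_record("hat", 500);   /* 'hat (500 letters)' */
    size_t n = reply_unchecked(sim_memory, rec_len, out, sizeof out);
    printf("unchecked: echoed %zu bytes, including \"%s\"\n", n, (char *)out + rec_len - 3);
    printf("checked:   echoed %zu bytes\n", reply_checked(sim_memory, rec_len, out, sizeof out));
    return 0;
}
```

The unchecked reply returns 500 bytes and carries the neighbouring secret with it; the checked reply returns nothing for the same record, while an honest ‘bird (4 letters)’ request is still answered.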
How widespread has the Heartbleed Bug bled out?
On April 8th 2014, a report broke about a security bug known as Heartbleed, which affects OpenSSL. Users of sites such as Amazon, Pinterest and Tumblr were advised to change their passwords, as their personal information could be under threat from the bug. However, some are still left wondering what exactly Heartbleed is and how it came to affect the security of their private information. Codenomicon and Google Security uncovered Heartbleed and reported it to the OpenSSL team. Mashable.com collated the sites most at risk from the bug.
Medicine for the Heartbleed Bug.
The Heartbleed Bug has highlighted the importance of digital security. It is good practice to change passwords regularly and not use the same passwords for multiple sites and accounts.
Allow software updates; these ensure any encryption errors are fixed and improve overall security.
CTI Digital’s response to the Heartbleed Bug secured the servers which use OpenSSL, and further testing confirmed that there were no remaining traces of the bug.
Is your server safe and secure?