The Heartbleed security flaw is a serious vulnerability in the popular OpenSSL cryptographic library. This weakness allows hackers to steal protected information, under normal conditions, by the SSL (https://www.YourWebsite.com) encryption used to secure the Internet.
The good news is that a patch has been issued for this security flaw. We have implemented this fix on our servers as soon it was issued and most organizations are doing the same around the globe.
The bad news is that you really should change most of the passwords you are using around the web.
If you need to know if your website is still vulnerable, contact us for our services, and we will test your website.
We suggest changing your passwords to all accounts, including:
Website Control Panels
All Online Financial Accounts
All Google Services (Gmail, Google+, YouTube and so on…)
All Yahoo Services (Yahoo Mail, Yahoo Stores, and so on…)
Amazon Web Services
The Heartbleed bug is also present in hardware, such as some routers and switches, have also been affected.
Cisco is currently investigating its product line for affected products and will issue free software updates that address the vulnerabilities.
F5 Networks says that some of its virtual servers with a specific SSL profile are vulnerable. Management interfaces are also vulnerable.
The company has noted versions known not to be vulnerable on its website, and customers can upgrade to these versions.
Juniper Networks has posted a list of vulnerable, not vulnerable and under-investigation products. It is working on providing fixed versions of code for its products as well as workaround solutions.
FortiGuard has issued a firmware update for its FortiOS. Firmware updates for FortiAuthenticator, FortiMail and FortiRecorder will be available on April 11. Firmware release dates for other products is pending.
Resources and Other Links