
Heartbleed Security Vulnerability: What It Is And How To Protect Yourself

A new security vulnerability means that people all across the Web are vulnerable to having their sensitive data stolen. Heartbleed is an extremely serious issue affecting some 500,000 servers, according to Netcraft, an Internet research firm. Here’s what consumers can do to protect themselves.

The Heartbleed Security Vulnerability

On Monday, April 7, security researchers announced a security flaw in OpenSSL, a popular data encryption standard, that gives hackers who know about Heartbleed the ability to extract massive amounts of data from the services that we use every day and assume are mostly secure.

This isn’t simply a bug in some app that can quickly be updated. The weakness is in the machines that power services that transmit secure information, such as Gmail and Facebook.

Heartbleed is a flaw in OpenSSL, the open-source encryption standard used by the majority of websites that need to transmit the data that users want to keep secure. It basically gives you a secure line when you’re sending an email or chatting on IM.

What you should do to protect yourself

One of the best ways to protect yourself is to update your package(s) and restart your service(s) on your server. On CentOS you can run “yum update” and the package manager will find the installed package(s) that are out of date. If you just want to update a single package you can run “yum update openssl”. On Ubuntu, it’s a bit different but very easy as well. First run “apt-get update” to ensure you have the latest package lists. Then upgrade the package with “apt-get upgrade openssl”. Remember to restart the service(s) that require or use SSL after the updates are done. You will need to restart Apache or Nginx with the following command(s). CentOS: Apache – service httpd restart. Ubuntu: Apache – service apache2 restart. CentOS & Ubuntu: Nginx – service nginx restart.

CentOS:
Switch to root:
# su -
Update the package and restart the service:
# yum update openssl
# service httpd restart
or, if you run Nginx:
# service nginx restart

Ubuntu:
Use sudo to refresh the package lists:
# sudo apt-get update
Update the package and restart the service:
# sudo apt-get upgrade openssl
# sudo service apache2 restart
or, if you run Nginx:
# sudo service nginx restart
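
The restart step matters because a running process keeps the old library mapped until it is restarted. The script below is an added example, not part of the original article: on Linux it reads /proc/<pid>/maps and lists processes that still map a libssl or libcrypto file that was replaced on disk. The function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): after "yum update openssl" or
# "apt-get upgrade openssl", find processes that still run the OLD library.
# A replaced shared object stays mapped and shows as "(deleted)" in
# /proc/<pid>/maps until the process is restarted.

# Read maps-format text on stdin; print each distinct replaced libssl/libcrypto
# path. Returns 0 if at least one was found, 1 otherwise.
stale_ssl_libs() {
    awk '
        $NF == "(deleted)" && $6 ~ "/lib(ssl|crypto)[^/]*[.]so" {
            if (!seen[$6]++) print $6
            found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Scan every running process (run as root to see other users' processes).
# Prints "pid<TAB>command<TAB>stale libraries" for each one needing a restart.
scan_procs() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        libs=$(stale_ssl_libs 2>/dev/null < "$maps") || continue
        name=$(cat "/proc/$pid/comm" 2>/dev/null) || name='?'
        printf '%s\t%s\t%s\n' "$pid" "$name" "$(echo $libs)"
    done
}

# Constructed sample: an httpd worker started before the update (paths, inode
# numbers and addresses are made up for illustration).
sample_maps() {
    cat <<'EOF'
7f3a10000000-7f3a1005e000 r-xp 00000000 08:01 395211 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a1005e000-7f3a10062000 rw-p 0005e000 08:01 395211 /usr/lib64/libssl.so.1.0.1e (deleted)
7f3a0fc00000-7f3a0fdb4000 r-xp 00000000 08:01 395209 /usr/lib64/libcrypto.so.1.0.1e (deleted)
7f3a0f800000-7f3a0f98a000 r-xp 00000000 08:01 393299 /usr/lib64/libc-2.12.so
EOF
}

if [ "${1:-}" = "--scan" ]; then
    scan_procs
else
    sample_maps | stale_ssl_libs || echo "no stale SSL libraries mapped"
fi
```

Run it with --scan as root after the package update; any process it lists is still using the pre-update library and needs a restart.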

Change passwords of sensitive accounts like banks and email first. Make sure your password is long enough, try to make it as randomized as possible, don’t use the same password for multiple accounts, and avoid passwords like “abc1234,” “password,” “admin,” etc.

Attackers can access a server’s memory for credit card information, so keep a close eye on your financial statements for the next few days. It wouldn’t hurt to be on the lookout for unfamiliar charges on your bank statements.

Even if you’ve implemented two-factor authentication — which, in addition to a password asks for another piece of identifying information, like a code that’s been texted to you — changing that password is recommended.

Do not log into accounts from affected sites until you’re sure the company has solved the problem.
