Cyber security has hit the headlines again recently with reports of the ‘Heartbleed Bug’, a code error which means that websites can leak user details including passwords through the 'heartbeat' function used to secure connections. The bug affects web servers running OpenSSL, enabling hackers to read confidential encrypted data meaning that they can gain access to private information of the unsuspecting public.
Speaking about the virus, Zain Javed, Mitigate’s Head of Penetration Testing Services, said: “This vulnerability is deemed as high risk as it has gone undetected for the past two years which means someone could have already harvested the information that was meant to be encrypted.
“To protect yourself, you should change your password but first you need to make sure that the affected website has patched up and has updated its SSL security certificate. If you use any of the major sites affected, you should change your passwords with immediate affect as once hackers being to exploit the Heartbleed Bug, you could be the subject of disastrous consequences.”
There is a comprehensive list on Mashable identifying which websites are vulnerable.
“At Mitigate Cyber Security we offer a full SSL report as part of our vulnerability assessment and web application penetration tests. We run comprehensive tests to check for the Heartbleed bug as well as past vulnerabilities, such as the BEAST and CRIME attacks. ”
Advice from Mitigate on changing passwords:
- Believe it or not, top passwords for 2013 included ‘123456’, ‘Password’, ‘Admin’ and ‘Letmein’. It may seem obvious but it is surprising how many people simply use the easiest password which leaves the business wide open to vulnerabilities. Passwords should be set up to have minimum characters and should be at least 12 alphanumeric characters in length. It is also important to change passwords frequently, around every three months, and use password protection to lock confidential documents.
