“Heartbleed” has affected many popular websites and services — ones you might use every day, like Yahoo, Gmail and Facebook — and could have quietly exposed your sensitive account information (such as passwords and credit card numbers) over the past two years.
- Change your passwords now, including those for Yahoo Mail, Google/Gmail, Facebook, Dropbox, Intuit/TurboTax, your PCs, etc.
- Antivirus software will not protect you! Servers are the target; however, PCs with outdated apps and passwords are vulnerable. We’ve verified that servers maintained by Proactive-IT are not running OpenSSL or have been upgraded to safer versions.
- We are working with Proactive-IT clients to upgrade apps and replace passwords.
STATUS OF INDIVIDUAL APPS AND SERVICES:
- LogMeIn: upgrade to version 188.8.131.5244 or higher; change LogMeIn and PC passwords
NEAR-TERM ACTION RECOMMENDED:
- Implement more secure workplace password discipline including strong passwords that can’t be reused. Consider a password manager.
- Plan to change passwords regularly, for example every 3 months, as new vulnerabilities are discovered, and to limit your exposure in the meantime.
- Consider policies for limiting access to ‘social media’ sites (e.g. Facebook) from within the workplace.
- Bloomberg reports “NSA said to exploit Heartbleed bug for intelligence for years”
- Former Microsoft security chief implicated in Heartbleed controversy