Heartbleed Bug: What you need to know...

11th April 2014

Christmas and New Year Opening

You might have seen various coverage in the Press, on TV, and online - as well as from e-mails from various suppliers about a new vulnerability known as "Heartbleed" (a not particularly elegant name).

Before we go into some background on what it is, we want to reassure customers that our engineers are aware of the risk - here's how it might affect you with your services with us:

Beyond this, we are checking to see if any customer with active maintenance has any vulnerability, but as a general rule, customers are secure as our technology and services do not use the vulnerable software or are using versions that are already secure.

So what is this Heartbleed thing anyhow?

In simple terms, it's a way of compromising the security of "SSL" - this is the technology used to secure communications to various services - often Web Sites, and you most commonly recognise it when you see a "padlock" on your browser in the address bar. It's used by a huge number of companies, from banking to google and facebook.

Why isn't everything affected?

Put simply - because not everyone uses the same software for "SSL" technology. Even if they are using the type (specifically Open SSL), it's only vulnerable in more recent version - effectively in more recent versions someone introduced a bug. This might come as a surprise as we tend to think that newer versions are just more secure, but the reality is, software can become less secure whenever a change is made just as much as it can become more secure.

This doesn't affect Windows...

It might come as a surprise also to some that Windows itself isn't vulnerable - although people tend to think that Windows is generally insecure (a pretty old and long since banished reality, this issue doesn't affect it because it isn't using Open SSL. However you might have firewalls, routers and other equipment that is vulnerable that sits in front of it - so they need consideration.

So what can I do?

If you're a VPW customer, and you have fully managed services from us, you'll need to do nothing - if we are aware of a problem with equipment we actively support, and that you're vulnerable to, we'll get it fixed (although right now, we're not aware of any customer that will actively be affected). If you're not a customer yet, you might need help from an IT company to check particularly if you aren't technically minded. At VPW, we can help you even if you aren't currently a customer- especially if you're based in Exeter, Devon, Somerset or Dorset - as we're based in the South West.

Should I reset my passwords?

Well the jury is out - some people suggest you should change all your passwords, but the reality is there's no point changing them if they're secure already, or if the service or system you're using is still vulnerable to the attack. It's not easy to tell either as a normal person and many companies won't want to openly talk about how they're vulnerable.

In general though, we'd suggest if you're the type of person that uses the same password for everything, it's about time you stopped - regardless of this bug, because security issues like this won't go away and sooner or later you might find yourself caught out. It's worth thinking of ways to remember passwords and vary them on each site or service - you can write many passwords down, just don't leave them with your computer (especially in an office) and remember that in most cases, passwords are only used online, so unless someone breaks into your house, the passwords you write down won't really be that insecure. Just make sure the most sensitive passwords really are kept safe.

Here are some tips for passwords generally:

It can be relatively simple to create passwords that are hard to guess without a lot of effort, harder to crack by automated tools, yet sufficiently memorable using these types of techniques - all you have to do is remember your "rules" (don't write those down) for making passwords, and then use helpful but not too obvious clues and you have much better security already.

But above all..


Need some advice or help?

If you want more help on security, including the Heartbleed bug, why not give our team a call? We'd be happy to help you, and our Sales/Enquiries team can be reached on 01392 950 950. If you're an existing customer, contact support.

<< Back to the Blog


IT Survey & Challenge Quiz!IT Survey & Challenge Quiz!

Are you getting the best out of your IT?

Take the Quiz

Popular VPWSYS Services:

Backup Services - From just £8.00 a month, affordable protection against loss of data
Domain Names - We provide Domain Name services from just £9.37 + VAT
Pre-Paid Support - On the phone and in person, and you're only charged for the time you use.