The Heartbleed bug outbreak is one of the largest security threats ever encountered on the Internet. Assessing the problem is much graver than just updating an app or fixing a server. There are necessary processes to be surveyed in order to minimize risk from attacks and to protect data. Although assessing Heartbleed seems nightmarish, the Mediafly and expert approach to exterminating the bug will make the process flow easier.
Tools
Two tools have been created to help users identify what websites were affected by Heartbleed. An Italian programmer, Filippo Valsorda, devised a heartbleed test in where you can input a URL or hostname to decipher whether or not it has been exposed. A Chrome extension dubbed Chromebleed, created by developer Jamie Hoyle, also displays a warning for any site effected by the bug. Version two of Chromebleed has integrated the Heartbleed icon into Google search results, so that it shows up next to a site that is still vulnerable.
Passwords
One of the beginning steps in diminishing risk from the heartbleed bug outbreak is to update important passwords; creating newer, more resilient ones so that they aren’t easily revealed. According to Business Insider, there are important guidelines to use for constructing strong passwords:
- Focus on length; the more characters the better
- Make it random
- Replace correctly spelled words with misspellings
- Avoid exhausting the same password to numerous accounts
- Avoid using common passwords like “password” or “abc1234”
- Use a made-up sentence for the password
- Use apps, like LastPass, to store all important passwords
Mediafly Approach
Mediafly was not legitimately affected by the heartbleed bug outbreak. However, we underwent a tedious process to ensure safety and decrease risk because data security is our product-priority. Our process is a good model of what businesses ought to do to assess the bug. Jason Shah, our CTO, explains the procedure:
1. Firstly, we went through an identification process that entailed combing through our entire list of servers, examining its configuration, and then testing to see whether or not any part of our technology had been affected.
2. Once we had a list of affected servers, we upgraded them to the newest version of OpenSSL.
3. Once upgraded, we retested the server to confirm that it was no longer affected.
4. We issued a new SSL certificate and installed it onto all of our servers.
5. Lastly, we notified our customers of the situation.
By following the Mediafly and expert model of assessing the heartbleed bug outbreak, maneuvering your way through this internet-disaster will be unchallenging.
How has your company responded to the Heartbleed bug outbreak?
Comments are closed.