Heartbleed: The New Web Security Flaw

by Safety Net, April 10, 2014, in Blog, Security

A major web security flaw, known as “Heartbleed,” was recently identified. It may affect up to two-thirds of the Internet’s web sites, exposing sensitive data to potential hackers. With news sources all abuzz with coverage of Heartbleed, Safety Net would like our clients to have a better understanding of this new bug.

Heartbleed is the result of a coding error in OpenSSL, the most popular method of encrypting web sites, email servers, and applications. This error could provide access to web servers where sensitive data like usernames, passwords, and financial details are stored. It also gives potential attackers the ability to impersonate servers or decrypt communication.

A security patch has been issued to address Heartbleed. However, experts say that before the patch, sensitive data on major web sites such as Yahoo, Dropbox, Etsy, Facebook, Google, Tumblr, and YouTube could have been exposed.

To mitigate the risk of further exposure, stay off affected web sites until their providers have implemented the patch. At this point, many major web sites have done this and updated clients via their sites or through email. If your company uses third-party website services for business processes, such as e-commerce, request a patch status from them. Once you’ve confirmed these services have been patched, change your online passwords.

A serious bug, like Heartbleed, serves as an important reminder of the steps that can be taken to be more secure:

  • Don’t assume you’re not at risk – In this case, even OpenSSL, the most widely used Internet traffic encryption application, was compromised.
  • Clear your browsing history, session keys, and session cookies frequently and don’t opt for the “save my password” option in your browser.
  • On mobile devices, log out of all apps and log back in, thus clearing the tokens storing your information.

Note: Safety Net is actively checking with all of our vendors and believes that the Windows-based systems we use are not affected. Also, OpenSSL is not typically used on Microsoft-based web servers; therefore, Microsoft technology should not be affected by this vulnerability. Please contact a member of our Support Team if you have additional questions regarding your business.

Safety Net
