The Heartbleed Attack

How Heartbleed Works

No one seems certain who the first person was to know about the Heartbleed glitch or who was the first to exploit it. Rumors abound as to how long certain organizations or people may have known about it, but one thing is for sure: Heartbleed is dangerous. Though it sounds like the title to a sappy romance novel, Heartbleed is even more detrimental.

Heartbleed isn’t a virus, but rather, a bug, a glitch, a flaw, or whatever you want to call it, in the Open SSL library. With the presence of this defect (another helpful noun to describe it) hackers can exploit the server to deliver information that isn’t actually part of a legitimate query. This means that people with malicious intent can potentially phish confidential information from your server libraries by way of preying on a glitch in the Open SSL library.

Open SSL is used all over the world, so there are a lot of systems potentially at risk. In fact, Ars Techinca has deemed the influence of the bug as catastrophic. According to their report, the Heartbleed bug has already been successful in extracting private encryption keys from a VPN on multiple occasions. Read more about it at: http://arstechnica.com/security/2014/04/confirmed-nasty-heartbleed-bug-exposes-openvpn-private-keys-too/. In another report Ars tells of a hacker in Canada who was arrested for exploiting the Heartbleed vulnerability to gather tax information on some nine-hundred Canadians. Read more here: http://arstechnica.com/tech-policy/2014/04/heartbleed-hacker-arrested-charged-in-connection-to-malicious-bug-exploit/.

How to Protect Against Heartbleed

Of course, the question on everyone’s mind, aside from: how did this happen, is: how do we fix the problem and protect our data? In order to make sure your information is protected on other websites, you should verify that the webpage using Open SSL has applied a patch for the Heartbleed problem. If they have, then you should change your login and security credentials.

As far as your own online services and servers are concerned, the first step to take, if you use Open SSL, is to download and apply a patch. Several companies have already offered patches for the problem and there are any number of sources you can solicit—one of the more notables being VMware, leader in virtualization solutions and a company with which VLCM partners.

Heartbleed has again reminded us all of the need for multiple layers of security in our networks.
By assuming that Open SSL was secure enough on its own, we could have placed our data in a very vulnerable situation. Applying proper security solutions, however, could have remedied the problem for many of the servers running on Open SSL throughout the world. If you’ve been affected by Heartbleed or have concerns about how to protect against it, VLCM can help you put the proper measures in place to ensure your network is secured (see contact information below).

About VLCM

VLCM is one of the largest technology resellers in Utah, with additional offices in Idaho, Colorado, New Mexico, and Arizona. VLCM succeeds because they bring technology into the business planning process and align their customers’ vision with the right technologies and professional on-site service. With a team of more than 25 local engineers, they assess, plan, implement, and service critical business technologies with leading brands such as HP, VMware, and Barracuda.