Heartbleed and OpenSSL issue

I’m sure you’ve heard about the Heartbleed vulnerability. If not, you can read about it at www.heartbleed.com.

The difference between this and other standard security flaws is that this is for the most part a server issue only, and affects the encryption on trusted sites. It actually reads the encrypted data. Apparently, Yahoo is one of the only major large companies that we know were affected. Apple, Google, Microsoft, and “major e-banking services do not appear affected”. The vendor that discovered the hole notified many companies before publicly releasing it.

What can you we do?

We won’t argue if you want to change passwords. It would be a good idea to change your bank site passwords, credit cards, along with Email passwords. We won’t say it’s absolutely necessary since most major services were patches prior to the public release, but it would be a good idea.

Our main concern is that if you visit an infected site it might redirect you to a spyware site and try to install spyware. This is the same process that happens with spyware and has occurred for several years, though.

On a side note, we will be updating antivirus to the latest release over the next week or so. We have a minor update that we will be pushing out overnight.

Let us know if you have any questions.