On April 7th 2014 the OpenSSL Project released an update highlighting an encryption flaw nicknamed “Heartbleed”. CVE-2014-0160 is the official reference for this bug. This flaw has already been referred to as the biggest security threat the Internet has ever seen.
What is “Heartbleed”?
Heartbleed is a vulnerability identified in the OpenSSL cryptographic software library. Encryption is commonly used to protect data being transferred online. Heartbleed allows someone to secretly gain access to encryption keys, which compromises your personal information, such as passwords and credit card information. It is also impossible to detect, so you will never know if your information has been compromised.
OpenSSL runs on 66% of the web, so this vulnerability is quite a big deal. A lot of sites we use every day, including Google and Facebook, have been compromised. Mashable has provided a great table outlining the sites you should change your passwords for. At this stage, most Internet companies have already updated their servers with a security patch to fix the issue. All you need to do is go in and change your passwords on the affected sites.
Unfortunately, we are creatures of habit and, if you’re anything like me, you reuse the same password on different websites. This means that if any of these sites have been compromised, you need to change your password on all of them. As a word of warning, it’s not a good idea to use the same password on more than one site, so try to use different passwords.
Heartbleed and Salesforce
As ClaimVantage software is built using cloud technology on the Force.com platform, several users have asked if the bug affects them. Salesforce has reassured customers that the Heartbleed bug does not affect them as they are not running the vulnerable version of OpenSSL.
Although Salesforce has been deemed safe, other systems may have been compromised, so be sure to review your passwords for other affected sites. There are online tools available that can check if a particular site is vulnerable to “Heartbleed”. The one I have used is LastPass Heartbleed Checker, but there are others available.
If you have any concerns relating to Heartbleed and ClaimVantage software, do not hesitate to contact us.