This week, a group of researchers at Google Inc. drew attention to a major security flaw in OpenSSL, which is the leading open source implantation of SSL and is used by an estimated two thirds of internet companies. The security bug, called Heartbleed, exposes the system memory of any web server running specific versions of OpenSSL. If these are exposed to the internet, then they may be accessed and exploited by hackers.
OpenSSL is used to secure traffic across the internet, prominently identified by the closed padlock next to the web address on many web browsers. Encryption and decryption keys are commonly held in the system memory as well as sensitive information, such as usernames and passwords.
Please note that OpenSSL is used not only on web servers, other services, such as SMTP over SSL, may use OpenSSL to provide SSL/TLS encryption.
To ensure the ongoing security of your data, ProCheckUp recommends the following:
1. Identify affected systems (http://heartbleed.com/).
2. Any vulnerable systems would need a new security certificate issued from a Certificate Authority
3. Reset your passwords
ProCheckUp is able to offer vulnerability testing for the Heartbleed attack. Currently all tests for these attacks are beta and seem to be about 75% reliable.
Due to high level of concern about this attack in the security community, we are offering this test and the raw results as a free service to our customers. We can scan both URL's, and address ranges to 255 hosts.
If you have any questions, please contact us at firstname.lastname@example.org or call us on 0207 307 5001.