TOPS Not Vulnerable to Heartbleed

    Posted by Andrea Drennen, CMCA on April 11, 2014

    TOPS Not Vulnerable to Heartbleed

    It's not often that the secrets from the shadowy halls of IT security geeks reach the eyes and ears of John Q Public. Partly that is because of the techno-babble that can make it sound like a kind of magical arcana, and partly because, well, the mass media just doesn't care (usually).

    That is not the case with a security exploit that has recently reached a kind of 'Superbug' status in the last week. Unless you've been living under a rock, you already know I am talking about the Heartbleed Bug, an issue that is estimated to have affected 66% of the sites on the Internet.

    Before I get into the reasons why, I know a statistic like that probably has you hyperventilating, so breathe into a paper bag for a minute and let me get the important information out of the way. TOPS Software and TOPS services are not affected by the Heartbleed Bug. TOPS has tested our own websites, online services and several partners with whom data may be exchanged, and we are confident that our customers data will not be affected by this issue, largely due to our use of the Microsoft network architecture for all TOPS web services.

    Phew! Now that we can breathe again, let's talk about why you care.

    There's a LOT out on the Internet that explains the nitty-gritty technical details on what Heartbleed is. If you want to learn more, I suggest you read this or this.

    The glossy overview is this: Heartbleed is an exploit built-in to a number of open source platforms that exposes sensitive information (such as your login name and password) without any kind of logging or tracking, on a large number of sites on the Internet. First respondents compared the issue to the Matrix, in that one could scroll through a list of code and pick out sensitive data like passwords (see image below, courtesy of @MarkLoman).

    Heartbleed.png

    Heartbleed also has the unique distinction of being the first ever security bug to have its own logo and website domain. (http://heartbleed.com/) Codenomicon, a Finnish Internet security company put up the website with the logo after realizing that this issue affected a far larger audience than any security bugs have in the past.

    In part, this widespread danger is due to the sensitive data it exposes, but it is also largely due to the fact that this issue has been running, undetected, for over 2 years. For the full story behind the world's first superstar bug (a style which is being coined Bug 2.0, and will probably show up a lot in coming years, as security professionals try to duplicate this method of reaching the awareness of the general public), see this article.

    Unfortunately for the general public, Heartbleed has to be fixed on the IT side, by the wizards behind the servers, firewalls, and other hardware affected by this issue. So for now, the only thing you can really do is stay logged off systems you know have been affected, until the systems have been upgraded with a fix, and then be sure to change your password right away.

     

    Image Credit: Yuri Samoilov via flickr

    Comments