Good Day — This week’s cybersecurity news is worse than usual, so we are sending out an alert to all customers.
This new security problem is called the “Heartbleed SSL Bug.” It impacts the little lock you see on your browser window when you are on a secure web site. You can read more about it at this web site: http://heartbleed.com/. Here’s what you need to know:
- This is a serious breakdown in the basic security system used to transmit secure data between your browser and a web site. The problem isn’t that a hacker can intercept your web communication more easily. It is that they are able to browse an unpatched web site server and extract information directly. Using this vulnerability, it is much, much easier to target an individual at a particular web site.
- Security researchers have used this vulnerability to not only copy usernames and passwords from a server, but to make a duplicate of the cryptographic keys used to secure web sessions. This means that even after the bug has been patched, web site operators need to take further steps to secure their site.
- This vulnerability has been present in most secure websites for months, and there is no way to trace any exploits that may have been performed.
This is frustrating to regular Internet users because they really can’t do anything to eliminate the problem. Some web sites won’t advise you that there is a problem. The only thing you can do is change your passwords at your secure web sites.
Sorry to be the bearer of bad news. Please call us or email if you have any questions or concerns.
— The Network Operations Center Team @ Telnexus (firstname.lastname@example.org)
Support Line: (510) 991-1114
Support Email: email@example.com