2. My Name is Pere Hospital
IT Security Expert &
Cloud Specialist -
CISSP, OSCP
Certified.
Founder, Cloudways
(Managed Cloud
Hosting Platform)
Find me on Twitter:
@Phospital
3. Why is the Heartbleed Bug a Big Deal?
According to CNN:
Two thirds of the web sites and applications that allow you to
do online banking or communicate privately through e-mail,
voice, or instant messaging use OpenSSL to protect
your communications.
That is why a bug in OpenSSL that can expose the private
information you are transmitting across the wire to attackers
is a very big deal.
Heartbleed (CVE-2014-0160) is a missing bounds check in the
TLS heartbeat extension of OpenSSL 1.0.1 through 1.0.1f: a
single malformed heartbeat request returns up to 64 KB of the
server's process memory, which can contain session cookies,
passwords and the server's private key, and the request leaves
nothing in the server logs.
4. So, How to Protect Yourself
From the Heartbleed Bug?
If you are focusing on WHAT TO DO about it
(especially if you run an online business of
any kind), this is an overview of what I would
suggest.
5-Step Strategy
5. Step 1
Carefully assess the sensitivity of the data
you have been “protecting” via SSL. Find out
how many SSL certificates you have, where you
are using them and what they protect, and which
OpenSSL version each of those endpoints runs
(1.0.1 through 1.0.1f are affected; the 1.0.0
and 0.9.8 branches are not).
6. Step 2
Consider that there may be sensitive
information you are already outsourcing
(e.g. to payment providers). In this case, you
will have to ask them what they have done
about this bug and how they have protected
the sensitive data they handle on your behalf.
7. Step 3
Once you have gathered the relevant
information, decide which further actions
are needed and in what order.
8. Step 4
The very first thing you need to do is rebuild
your defenses: patch OpenSSL (1.0.1g, or a
vendor build with the fix backported) on every
affected system, then generate a new private
key and re-issue your SSL certificates from it.
Re-issuing from the old key is pointless, and
re-issuing before patching means the new key
can leak the same way. Replace the old
certificates with the newly-issued ones and
restart the services so they actually load
them (compare the fingerprint the live server
presents with the new file). Most importantly,
revoke all the old certificates so a stolen
key cannot be used to impersonate you. Note
that revocation only protects clients that
check CRLs or OCSP, and many browsers soft-fail
those checks, so treat it as necessary but
not sufficient.
9. Step 5
Finally, assess which kind of sensitive
information you were “protecting” via SSL and
act accordingly (e.g. resetting user passwords,
invalidating active sessions and API tokens,
changing credentials in third-party services,
and the list continues).
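Steps 1 and 4 both come down to knowing which certificate each server actually uses, before and after the roll-over. The script below is an added example, not code from the original deck or from Cloudways: it walks a directory of web-server configs, resolves nginx `ssl_certificate` and Apache `SSLCertificateFile` directives, fingerprints the leaf certificate in each referenced PEM file, and reports which fingerprints are still in use after a replacement. The configs and PEM files it builds in `demo()` are constructed for the demo; the PEM bodies are base64 placeholders, not real X.509 certificates.

```python
"""Certificate inventory and roll-over check for a Heartbleed response.

Added example; not code from the original deck or from Cloudways.  It assumes
nginx-style ``ssl_certificate`` and Apache-style ``SSLCertificateFile``
directives, and the configs and PEM files it builds are constructed for the
demo: the PEM bodies are base64 placeholders, not real X.509 certificates.
"""
import base64
import hashlib
import os
import re
import tempfile

# First PEM block in a file; chain files put the server (leaf) cert first.
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# `ssl_certificate /path;` (nginx) or `SSLCertificateFile /path` (Apache).
# `ssl_certificate_key` does not match because `_key` is not whitespace.
DIRECTIVE_RE = re.compile(
    r"^\s*(?:ssl_certificate|SSLCertificateFile)\s+\"?([^\s\";]+)", re.M)


def leaf_fingerprint(pem_text):
    """SHA-256 fingerprint (hex) of the first certificate in PEM text, or None."""
    match = PEM_RE.search(pem_text)
    if not match:
        return None
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()


def inventory(config_dir):
    """Map leaf fingerprint -> list of 'config -> cert path' usages (Step 1).

    A certificate file that cannot be read is listed under 'MISSING:<path>'
    rather than silently skipped: a dangling directive is itself a finding.
    """
    usage = {}
    for root, _dirs, files in os.walk(config_dir):
        for name in sorted(files):
            conf = os.path.join(root, name)
            with open(conf, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for cert_path in DIRECTIVE_RE.findall(text):
                try:
                    with open(cert_path, encoding="ascii", errors="replace") as cf:
                        fp = leaf_fingerprint(cf.read())
                except OSError:
                    fp = None
                key = fp if fp else "MISSING:" + cert_path
                usage.setdefault(key, []).append(conf + " -> " + cert_path)
    return usage


def still_in_use(before, after):
    """Fingerprints found both before and after the roll-over (Step 4 check).

    Anything returned is still served with a key that may have leaked.
    """
    return sorted(set(before) & set(after))


def fake_pem(seed):
    """Constructed placeholder PEM block; deterministic per seed, NOT a real cert."""
    der = hashlib.sha256(seed.encode()).digest() * 4
    return ("-----BEGIN CERTIFICATE-----\n"
            + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")


def demo():
    """Constructed scenario: two vhosts share one cert, a third has its own.

    Only the shared cert is rotated, so the third vhost's certificate comes
    back from still_in_use().  Returns (distinct certs before, unreplaced after).
    """
    base = tempfile.mkdtemp()
    certs, conf = os.path.join(base, "certs"), os.path.join(base, "conf")
    os.makedirs(certs)
    os.makedirs(conf)
    shared, api = os.path.join(certs, "www.pem"), os.path.join(certs, "api.pem")
    files = {
        shared: fake_pem("www-old"),
        api: fake_pem("api-old"),
        os.path.join(conf, "www.conf"):
            "server {\n  listen 443 ssl;\n  ssl_certificate %s;\n}\n" % shared,
        os.path.join(conf, "mail.conf"):
            "server {\n  ssl_certificate %s;\n}\n" % shared,
        os.path.join(conf, "api.conf"):
            "<VirtualHost *:443>\n  SSLCertificateFile %s\n</VirtualHost>\n" % api,
    }
    for path, content in files.items():
        with open(path, "w") as fh:
            fh.write(content)
    before = inventory(conf)
    # Step 4 applied to the shared cert only: new key pair, new cert, same path.
    with open(shared, "w") as fh:
        fh.write(fake_pem("www-new"))
    after = inventory(conf)
    return len(before), still_in_use(before, after)


if __name__ == "__main__":
    distinct, unreplaced = demo()
    print("distinct certificates before roll-over:", distinct)
    print("still serving an old certificate:", unreplaced)
```

On a real host you would point `inventory()` at `/etc/nginx` and `/etc/apache2` (or `/etc/httpd`), save the result before re-issuing, and run it again after the new files are in place. The file-based check only tells you what is on disk; nginx and Apache keep the old certificate in memory until they are reloaded, so also compare the fingerprint the running server presents on port 443 against the new file before treating the roll-over as done.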
10. Concluding Words…
As more information becomes available, other
actions will have to be considered, but with
what we know so far, the steps above look like a
sensible approach to me.
Sincerely,
Pere Hospital
@phospital
Also read: Cloudways’ comprehensive coverage on Heartbleed bug