What is the new Heartbleed SSL bug and how does it relate to you?
The problem, disclosed this week, is in open-source software called OpenSSL that’s widely used to encrypt Web communications.
Heartbleed can reveal the contents of a server’s memory. This includes private data such as usernames, passwords, and credit card numbers.
The majority of our clients run Windows on their servers and any webserver in use (e.g. for webmail) is usually based on the Microsoft IIS engine. IIS does not use OpenSSL.
However, If your company has a website and that website uses SSL, i.e. is secured with a SSL certificate and is accessible with an address starting with https:// , then you should check that your service provider has patched the site to protect it from Heartbleed.
The new Heartbleed SSL bug is explained in some detail here:
There is an on-line checking tool here:
In addition any external sites that your users have been logging into may be vulnerable and once the website provider has confirmed that they have patched their system your users should certainly change their login details.
If you would like to get in touch for peace of mind please contact one of our technicians who will be able to provide analysis on potentially vulnerable sites.