The Heartbleed bug is hitting the headlines, and many people are talking about a huge compromise in IT. Here’s some succinct information for you to keep up to date.
What is it?
The Heartbleed bug is a vulnerability using OpenSSL, which is type of common cryptographic protocols to protect data: SSL and TLS. These are used to encrypt data to protect your credentials, mostly username and passwords as well as content.
This cryptology is in embedded for servers and services around the world, meaning mail, websites and services from servers are affected if they utilise this type of cryptology to protect data. It is an isolated version dated from 2011, so it exists in and around previous and current technology.
Vulnerable servers can have their encoded data hijacked and abused. One master password can mean unlocking all of your customers data to would be attackers.
The specific versions of OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable.
What that means for Mac Users:
OS X has used version 0.9.8y historically and so does not suffer from this vulnerability. The only way it can be affected is if someone had compiled and installed an older version.
Kerio has released a patch for the vulnerability. Our support team rolled out the patch to our support clients as soon as it became available.
How can I protect myself?
The usual procedures apply. Do not use the same password across all accounts. Change your passwords regularly. Watch your browsing habits. If you own a website, check with your hosting company that they are addressing the problem, as many web servers are running the operating systems that OpenSSL is bundled with.
Here is a tool to check if a website could be vulnerable.
More detailed information can be found here: