Our Response to Heartbleed: a Free Vulnerability Scan

Security vulnerabilities pop up daily in IT. Sloppy coding and old software create holes in the software and services you use continuously. That’s why it’s so incredibly important to continuously patch your business-critical IT systems.

A new vulnerability has been discovered in the OpenSSL library, which is used in hundreds of different software packages. Dubbed “Heartbleed,” it is a legitimate (vs. theoretical) risk that is actively being exploited by hackers.

We know you’ve been hearing about Heartbleed for a couple of weeks now, and you may think it’s already over and done with, but we are still finding it on websites we work with.

What is OpenSSL?

OpenSSL is a free library of standardized security routines used for scrambling sensitive data sent between your computer and a website. It’s used quite extensively, though luckily not everywhere.

How Does the Vulnerability Work?

The fine folks at xkcd have put together a short comic that very quickly explains the technical issue with this vulnerability: 

Do I Have Heartbleed on my Systems?

As a general rule, our clients are not affected by this vulnerability on their internal systems.  However, many of our clients use externally hosted websites.

We have recently invested in enterprise-grade vulnerability scanning & compliance management tools.  We would be happy to scan your externally-hosted websites for this flaw using our new tools and report on the results: contact your account manager to set this up.

If you are not a BDPNetworks client, we would be happy to scan one external IP or URL (i.e. your base website) and share the report with you.  Contact Brian Place with your desired scanning target and we will set this up.

Again, this is a FREE offer for a basic vulnerability scan of one external website. Take advantage of this today!