“The Heartbleed vulnerability is one of the worst Internet security problems we have seen”

Ed Felton

Heartbleed is one of the greatest vulnerabilities to threaten online security in the past year.

It is a vulnerability that threatens the security of communications over the Internet, so barristers’ chambers especially should take it extremely seriously.

 

What is Heartbleed?

 

Heartbleed is a vulnerability that first emerged in April 2014, and poses a threat to 70% of websites today.

Heartbleed is NOT a virus. But rather it was a mistake written in Open SSL, a security standard that encrypts communications between users and a majority of online services. This mistake made it possible for hackers to extract personal data from massive databases containing usernames, passwords and other sensitive information.

The Heartbleed defect allowed anyone to read the memory of any system protected by the flawed version of OpenSSL. Attackers could steal user names and passwords, instant messages, emails and businesses documents without trace. Given the length of time that the internet was exposed to this flaw, there is a strong chance that as many as two thirds of websites were affected. It’s a serious weakness that must be taken seriously, especially when you are sending communications of a highly classified nature over the web.

 

Are You Affected?

 

It is probable that we are all affected, either directly or indirectly

The Bar Council

How do you know if you’ve been affected?

Given that OpenSSL is the most popular open source cryptographic library, the likelihood that your login details and the websites you use regularly were affected is reasonably strong. Most social media websites and e-commerce sites affected have sorted the problem by now, though, and most websites have acted to change any compromised software.

 

What You Can Do?

 

Most larger websites have acted to patch the Heartbleed vulnerability, updating to a more secure version of OpenSSL. There will be websites, though, that haven’t, so if you haven’t done so since the vulnerability was exposes, change all your passwords today!

When changing your passwords, it is a good idea to make them longer and more obscure than before. Include upper case letters, numbers and symbols, and continue to change your password on a regular basis going forward.

If you are unsure about whether your chambers has been affected by Heartbleed, or want to consult with IT specialists on any other aspect of IT security, please do not hesitate to get in touch. Or friendly team will be happy to help!