Security Blog

How Does the "Heartbleed" Vulnerability Affect You?

April 16, 2014

"Heartbleed" is a catchy name for a cyber vulnerability, but how exactly does it work, and how can you (and your enterprise's employees) be better protected against it?

“Heartbleed,” a flaw in a widely used cryptographic library called OpenSSL, could allow a malicious actor to ping a website recently visited by an employee or user and pull personal data from it – allowing them to reconstitute passwords or other sensitive information from the data, according to Gizmodo.

Heartbleed allows hackers to lie to a server about how much data they are sending in a ping, or “heartbeat.” The server will then send too much data, including private data, back to the hacker.
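As an added illustration (not code from this article or from OpenSSL), the C sketch below shows the check that the heartbeat description above turns on: compare the length the message claims against the number of bytes that actually arrived, and drop the message if they disagree. The message layout follows RFC 6520; the function names and the two sample messages are hypothetical and constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request, RFC 6520 */
#define HB_RESPONSE 2   /* heartbeat_response */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Constructed samples: an honest request carrying "ping", and one that
 * claims 1024 payload bytes but carries a single byte. */
const uint8_t HB_HONEST[3 + 4 + 16] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
const uint8_t HB_LYING[3 + 1 + 16]  = {HB_REQUEST, 0x04, 0x00, 'x'};

/* Number of bytes an unchecked echo would read past the end of the
 * received message. 0 means the claimed length fits; a non-zero value
 * is worth logging as a malformed heartbeat. */
size_t hb_overread(const uint8_t *msg, size_t msg_len)
{
    if (msg_len < HB_HEADER)
        return 0;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    size_t needed = HB_HEADER + claimed;
    return needed > msg_len ? needed - msg_len : 0;
}

/* Build the echo only when the claimed length is consistent with the
 * bytes received. Returns the response length, or 0 to drop silently. */
size_t hb_respond(const uint8_t *msg, size_t msg_len,
                  uint8_t *out, size_t out_cap)
{
    if (msg_len < HB_HEADER + HB_MIN_PAD || msg[0] != HB_REQUEST)
        return 0;
    size_t claimed = ((size_t)msg[1] << 8) | msg[2];
    /* The bounds check: trust the received length, not the length
     * field the sender wrote inside the message. */
    if (HB_HEADER + claimed + HB_MIN_PAD > msg_len)
        return 0;
    size_t resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD); /* zero padding for simplicity */
    return resp_len;
}
```

With the check in place, the honest sample is echoed in full and the lying sample is discarded, while `hb_overread` reports how many bytes beyond the message an unchecked echo would have returned.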

Unfortunately, due to the widespread use of OpenSSL, Heartbleed affected 500,000 websites, from mom-and-pop retailers to international conglomerates, The Washington Post reports. The next step is for those sites to revoke their current security certificates and issue new ones, which sounds simple enough, but it could cause serious speed reductions when users try to load websites due to the flood of new security certificates being verified.

A patch has been issued for the vulnerability, which means that it is now safe to change passwords for the affected sites.

So far, some of the biggest websites affected, or claiming a possible vulnerability for safety’s sake, include:

  • Amazon Web Services
  • Dropbox
  • Facebook
  • Gmail
  • GoDaddy
  • Google
  • Instagram
  • Netflix
  • OKCupid
  • Pinterest
  • SoundCloud
  • Tumblr
  • USAA
  • Yahoo

Even more worrisome, especially for enterprises whose workforces rely heavily on mobile devices, smartphones and tablets running a specific version of Android were affected by the Web security bug, which could potentially put login information from those mobile devices at risk, Yahoo reports. Google assured Android users in an April 9 blog post that most versions are not affected, but the 4.1.1 Jelly Bean version is a “limited exception.” That version, released in early 2012, is likely to be running on older Android smartphones. Google reports that about 34 percent of Android devices use a version of 4.1 Jelly Bean software, but fewer than 10 percent of devices in use are vulnerable.


