The first quarter of 2014 was a very, very busy month for both the corporate and IT worlds. There were two zero day vulnerabilities discovered in April alone – the Heartbleed and the IE (versions 6-11). Fortunately, for you and me these issues were discovered (see our posts (The Heartbleed Vulnerability & Microsoft Internet Explorer Security Threat) and both have been addressed. Patches have been formulated and applied/distributed to the majority of affected sites and programs
For IE’s vulnerability, Microsoft created a patch that should have been distributed to your system via automatic updates. If you manually install updates, you can follow the link to the Microsoft Security Update released back in May and follow the directions. You may also choose to start using Mozilla Firefox as your web browser.
The patching for the Heartbleed exploit is handled on a “per business” basis. Some companies’ websites do not use the type of OpenSSL encryption that Heartbleed was designed to attack. IT blogger Jason Cipriani & CNET’s Seth Rosenblatt worked in concert to post a blob on CNET’s site where they shared the results of testing the did against multiple popular websites using Qualys SSL Server Test. To view their results peruse their blog “Heartbleed bug: Check which sites have been patched”. To save you a little time I read the post and pulled out the sites that you really need to use with caution* until they are properly patched and tested.
Even when a website is deemed “safe” or “not vulnerable”, we cannot overemphasize the use of common sense Internet/Email safety protocols. If you would like some help understanding internet safety and all of the complexities CSI Onsite would be more than happy to assist. Give us a phone call (952-928-1788) you can also contact s electronically following this link CSI Onsite Contact.
We have several related blog posts covering Safe Surfing, please take some time to read through them and comment about their content.