OpenSSL Heartbleed Exploit: What To Know

We’ve had questions regarding OnlyMyEmail’s spam filtering and email hosting services and how they might be affected by the recent HeartBleed exploit within OpenSSL software.

As soon as the exploit was announced, OnlyMyEmail reviewed all of our systems and found that none of them have ever run any version of OpenSSL vulnerable to this exploit.

More information on the exploit itself from http://heartbleed.com/

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

As a result of this bug, it is possible that passwords on affected hosts are compromised, so it’s a good idea to change your password if the service in question is an issue.  This Mashable article has a fairly comprehensive list of all the major services that are suggesting you change your password.

According to this article the exploit was a result of an honest mistake and not part of a deliberate attempt to compromise the security of OpenSSL.  The article also indicates that this bug has existed in OpenSSL since New Years Eve 2011.

Given the length of time that this bug has existed, and the fact that using this exploit is undetectable,  it is quite possible that cyber criminals have been using this exploit for some time to gather information.  Thus it’s a good idea to change your passwords on affected sites (and any sites that share that password) just to be safe.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , , ,

Comments are closed.