What is Heartbleed?
- Heartbleed is not a true ‘virus’, however it exploits a vulnerability in OpenSSL (Secure Socket Layer).
-Used by insurance agents and carriers for TLS email security.
- This affects some websites that display addresses beginning with “https:” – but not all. It allows hackers to more easily steal logins and passwords.
- Most financial institutions don’t use OpenSSL, but many sites like Gmail, Facebook, and Yahoo do.
Insurance Industry Response
- Insurance industry vendors are working to determine if they are affected, and if so, apply fixes.
- You may be receiving emails from your vendor(s) confirming this. If not, check with them before changing passwords.
What should YOU do?
- Check whether websites or services you use are safe.
- Review continually-updated lists. One is at GitHub: GitHub Heartbleed Masstest
- Test the sites you frequent using a Heartbleed testing service. Following are just two of many testing services:
- McAfee – Free Heartbleed Checker Tool: http://tif.mcafee.com/heartbleedtest
- Filippo Valsorda’s Tool: https://filippo.io/Heartbleed/
- Take steps to re-set your passwords but only once the provider has patched.
- Keep a close eye on your online transactions (credit card, bank account, and other financial statements).
Heartbleed is also a clear reminder that you must have a strong ongoing ID/Password policy:
- Change your passwords on a regular basis – every 60 days is recommended.
- Do not use the same password on multiple sites.
- Use strong passwords – Containing 8+ characters, including both upper and lower case letters and numbers, and special characters if allowed (“!”, “$”, etc.).
- Continue to be vigilant – Watch for more news on Heartbleed and viruses.
This overview contains summaries from an article created by Steve Anderson, hosted on his ‘Tech Tips’ website. The full article can be found at: