We here at RMECS take security very seriously and obviously we try and keep up with all the latest security news, not just for us but for you. We have received numerous calls and emails asking if people need to worry about heartbleed as it has been all over the news lately.
So what is heartbleed? The best way I’ve heard it described is imagine a box store owner. You walk in with 100 pieces of paper. You ask the owner if he has a box that can fit your paper. He says he has no new boxes, but he has a used box that he just needs to empty out. You hand him the papers, and for each one he removes from the box, he puts one of yours in until all your papers are gone. The box can only hold 100 pieces of paper. He hands you back your box and you leave.
Now, imagine if the owner isn’t very good at counting. You do the same thing, but instead of handing him 100 pieces of paper, you hand him 1. He brings out the box and replaces 1 sheet in the box, and then hands you the box WITH THE OTHER 99 PIECES OF PAPER IN IT.
This is in essence what heartbleed is. The paper is bits of data and the box is a block of memory. Attackers could just in essence request the secure memory of a remote server over and over again. This means that secure data was not secure.
Firstly, as far as our website goes, you are safe there. We don’t keep any customer data on our servers (most of it is in our Dropbox which is safe). However, as for the rest of the internet, there are certain concerns you must be aware of. Since secure data was compromised, it is HIGHLY recommended that, at least on secure sites, you change your password. If you use the same password across the internet (not a good idea but understandable), you should change it because if one is compromised, they all are.
Odds are nothing will happen to you. So much data was compromised that it is unlikely that anyone would need to worry on a personal level, however passwords should be changed often as a matter of habit. One exception would be if you use two-factor authentication such as a token you have on your keys (FYI: We here at RMECS use this system). Two factor is significantly more secure as they would still need the token, but we changed the password anyways.
If you have any questions feel free to give us a call and we’d be happy to answer any questions you may have.