A HEARTBLEED AWAY
OVERVIEW
A disturbing threat to internet security, called “Heartbleed”, was discovered by Google earlier this week,
possibly exposing passwords, customer information, credit card numbers and other sensitive
information. The flaw is in OpenSSL, a widely used encryption tool used by about two‐thirds of the
internet's web servers and also used to secure virtual private networks (“VPNs”) – those connections
intended to keep company information private when viewed by off‐site employees. The version with the
security flaw was first introduced in December of 2011 and remains vulnerable on all OpenSSL
implementations until the latest fix is applied.
THE RISK
The flaw makes it possible to snoop on Internet traffic even if the site appears secure. Heartbleed
creates an opening in the encryption technology of websites, the protection that users see marked by
the small, closed padlock and "https:" in their web browser. The data could leak out in small
increments without the website owners knowing any data loss had occurred. Ironically, smaller
companies are more likely to use OpenSSL. Popular hosting services used by small companies have
acknowledged its effect on their environment, but may not be applying the fix depending on the
particular user agreement.
THE SOLUTION
Security experts are still determining the pervasiveness of the vulnerability, but at this point all
companies should be reviewing their internal IT environment and patching any OpenSSL instances.
Companies should alert their users after correcting their infrastructure. Consumers have been advised
to change their online passwords after they are notified by each individual site.
Experts recommend that companies that cannot immediately fix their OpenSSL implementations
immediately configure their intrusion detection and prevention systems (“IDS/IPS”) to detect the
Heartbeat request.
However, the fact that this flaw only affects information intended to be secured actually makes it
worse than not having used encryption at all.
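An added example, not part of the original advisory: a minimal Python check of the kind an IDS/IPS rule performs, flagging a Heartbeat request whose claimed payload length does not fit in the TLS record that carries it. It assumes the RFC 6520 heartbeat layout and cleartext records (heartbeats sent after encryption is negotiated cannot be parsed this way); the function name and sample bytes are constructed for illustration.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST = 1       # heartbeat_request message type
MIN_PADDING = 16     # RFC 6520 requires at least 16 bytes of padding


def inspect_records(stream: bytes):
    """Walk cleartext TLS records and return suspicious heartbeat requests.

    Each finding is (offset, claimed_payload_len, record_len) for a request
    whose type + length field + payload + padding cannot fit in its record.
    """
    findings = []
    pos = 0
    while pos + 5 <= len(stream):
        ctype, major, _minor, rec_len = struct.unpack_from("!BBBH", stream, pos)
        if major != 3:               # not a TLS record header; stop parsing
            break
        body = stream[pos + 5 : pos + 5 + rec_len]
        if ctype == TLS_HEARTBEAT and body[:1] == bytes([HB_REQUEST]):
            # A record too short to hold the 2-byte length is also malformed.
            claimed = struct.unpack_from("!H", body, 1)[0] if len(body) >= 3 else None
            if claimed is None or 1 + 2 + claimed + MIN_PADDING > rec_len:
                findings.append((pos, claimed, rec_len))
        pos += 5 + rec_len
    return findings


# Constructed sample records (not captured traffic).
HANDSHAKE = bytes.fromhex("1603020004" "0e000000")           # unrelated record
GOOD = bytes.fromhex("1803020017" "010004") + b"ping" + bytes(16)
BAD = bytes.fromhex("1803020003" "014000")   # claims 16384 bytes in a 3-byte record
SAMPLE = HANDSHAKE + GOOD + BAD

if __name__ == "__main__":
    for offset, claimed, rec_len in inspect_records(SAMPLE):
        print(f"offset {offset}: heartbeat request claims {claimed} payload "
              f"bytes, record holds {rec_len}")
```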
www.uhy‐us.com
THE NEXT LEVEL OF SERVICE
In July, 2000, six leading regional tax and business advisory firms, with tenures dating back to the early 1970s, merged to form a national professional services entity known as UHY Advisors, Inc. They came together in the pursuit of a shared vision: to deliver the service of a local/regional firm and the services of a national firm to the dynamic middle market.
UHY ADVISORS
Michael Witt
UHY Advisors MI, Inc.
27725 Stansbury Blvd, Suite 210
Farmington Hills, MI 48334
Phone: (248) 355‐0280
Fax: (248) 355‐0157
UHY Advisors, Inc. provides tax and business consulting services through wholly owned subsidiary entities that operate under the name of “UHY Advisors.” UHY Advisors, Inc. and its subsidiary entities are not licensed CPA firms.
UHY LLP is a licensed independent CPA firm that performs attest services in an alternative practice structure with UHY Advisors, Inc. and its subsidiary entities. UHY Advisors, Inc. and UHY LLP are U.S. members of Urbach Hacker Young International Limited, a UK company, and form part of the international UHY network of legally independent accounting and consulting firms.
“UHY” is the brand name for the UHY international network. Any services described herein are provided by UHY Advisors and/or UHY LLP (as the case may be) and not by UHY or any other member firm of UHY. Neither UHY nor any member of UHY has any liability for services provided by other members.
© 2014 UHY Advisors.
UHYLLP020714