Update on Heartbleed vulnerability

Micro Doctor has been hard at work evaluating the effects of the Heartbleed vulnerability and whether it raises any concerns for your systems. The first thing we did was look at our internal and external servers. Luckily our main security vendor, Sonicwall, protects us and our servers from any Heartbleed exploits. We found that none of the Sonicwall firewalls have any vulnerability to Heartbleed and that the Sonicwall Intrusion Protection Service is blocking attempts to exploit the OpenSSL vulnerability.

Looking internally, we are pleased to announce that we have not been using OpenSSL for any of the websites that we host here. While OpenSSL is more widely used on Apache/Linux web servers, we use Microsoft IIS servers, which utilize Schannel security measures. In other words, our servers are NOT vulnerable to Heartbleed.

Are my accounts secure?

While our websites and solutions are secure from Heartbleed, there are a wide variety of sites on the Internet that aren't. Here is the ever-growing list of websites that were affected, showing whether each one is safe now and whether you should change your password.

Site          | Patched | Change password | Notes
--------------|---------|-----------------|-------------------------------------------
Facebook.com  | Yes     | Yes             | Not sure it was ever affected
Instagram.com | Yes     | Yes             | It was infected, change password
Twitter.com   | Yes     | No              | Twitter claims no breaches
Tumblr.com    | Yes     | Yes             | Not sure it was ever affected
Pinterest.com | Yes     | Yes             | Not sure it was ever affected
Linkedin.com  | No      | No              | No use of OpenSSL
Smartermail   | No      | No              | No use of OpenSSL
AOL.com       | No      | No              | No use of OpenSSL
Gmail.com     | Yes     | Yes             | Google says we are safe
Hotmail.com   | No      | No              | No use of OpenSSL
Yahoo.com     | Yes     | Yes             | This is a BIG one – change the password
Apple.com     | No      | No              | Why does Apple get a free pass on attacks
Amazon        | No      | No              | Conflicting answer here – Change it anyway
Google        | Yes     | Yes             | Google says we are safe
Microsoft.com | No      | No              | No use of OpenSSL
Ebay.com      | No      | No              | No use of OpenSSL
Netflix.com   | Yes     | Yes             | Change the password
Dropbox.com   | Yes     | Yes             | This one scares me
Lastpass.com  | Yes     | Yes             | Crazy one here
Flickr.com    | Yes     | Yes             | Pictures OK, change it anyhow
Logmein.com   | Yes     | Yes             | Change Logmein and Windows passwords
Pandora.com   | No      | No              | No use of OpenSSL

We have also found that the following sites aren't vulnerable to the OpenSSL Heartbleed vulnerability:

  • Comcast.net
  • Ikea.com
  • Ups.com
  • Reuters.com
  • Walmart.com
  • Zillow.com
  • Skype.com
  • Salesforce.com
  • AVG.com
  • Weather.com
  • ESPN.com
  • Craigslist.org
  • Paypal.com

To date, we have no reports of vulnerabilities at any banking or credit card websites, and the cloud providers affected are: Google, Amazon, Rackspace and CenturyLink.

So what is Micro Doctor doing to protect its MD-Care managed service clients?

We have identified 40 potentially vulnerable Logmein installations and are remotely patching Logmein at those locations via our powerful scripting tool. We have completed internal security checks and, although we do not use OpenSSL, we are patching other servers that are missing some Microsoft patches in order to ensure complete security.

What do you need to do?

If you use any of the websites listed in the vulnerability list, log in and change your password immediately. If you have a personal account at Logmein.com, verify that your machines have the updated version of LogMeIn Pro Windows 4.1.0.4144 or above.

Micro Doctor is your one stop shop for all IT related services, including security, managed proactive patching and IT Projects. With 25 years of experience you won’t find a more technically stable IT company in the area.

Written by: Mark Richmond, President of Micro Doctor Inc. Reach us at https://microdoctor.com or 330-898-2100.

