Micro Doctor has been hard at work evaluating the effects of Heartbleed Vulnerability and whether or not we have any potential concerns for your systems. The first thing we did was look at our internal and external servers. Luckily our main security vendor, Sonicwall, protects us and our servers from any Heartbleed exploits. We found that none of the Sonicwall firewalls have any vulnerability to Heartbleed and its Intrusion Protection Service is blocking attempts to exploit the OpenSSL vulnerability.
Looking internally, we are pleased to announce that we have not been using OpenSSL for any of our websites that we host here. While OpenSSL is more widely used on Apache/Linux web servers we use Microsoft IIS servers which utilize Schannel security measures. In other words, our servers are NOT vulnerable to Heartbleed.
Are my accounts secure?
While our websites and solutions are secure from Heartbleed, there are a wide variety of sites on the Internet that aren't. Here is the ever-growing list of websites that were affected and whether or not they are safe now and whether or not you should change your password.
Site Patched Change password Notes:
| Facebook.com
Instagram.com Twitter.com Tumblr.com Pinterest.com Linkedin.com Smartermail AOL.com Gmail.com Hotmail.com Yahoo.com Apple.com Amazon Microsoft.com Ebay.com Netflix.com Dropbox.com Lastpass.com Flickr.com Logmein.com Pandora.com |
Yes
Yes Yes Yes Yes No No No Yes No Yes No No Yes No No Yes Yes Yes Yes Yes No |
Yes
Yes No Yes Yes No No No Yes No Yes No No Yes No No Yes Yes Yes Yes Yes No |
Not sure it was ever affected
It was infected change password Twitter claims no breaches Not sure it was ever affected Not sure it was ever affected No use of OpenSSL No use of OpenSSL No use of OpenSSL Google says we are safe No use of OpenSSL This is a BIG one – change the password Why does Apple get a free pass on attacks Conflicting answer here – Change it anyway Google says we are safe No use of OpenSSL No use of OpenSSL Change the password This one scares me Crazy one here Pictures OK change it anyhow Change Logmein and Windows passwords No use of OpenSSL |
We have also found that the following sites aren't vulnerable to OpenSSL Heartbleed vulnerability:
- Comcast.net
- Ikea.com
- Ups.com
- Reuters.com
- Walmart.com
- Zillow.com
- Skype.com
- Salesforce.com
- AVG.com
- Weather.com
- ESPN.com
- Craigslist.org
- Paypal.com.
To date, we have no reports of vulnerabilities at any banking or credit card websites and the cloud Providers affected are: Google, Amazon, Rackspace and CenturyLink.
So what is Micro Doctor doing to protect its MD-Care managed service clients?
We have identified 40 potentially vulnerable Logmein Installations and are remotely patching Logmein at those locations via our powerful scripting tool. We have completed internal security checks and although we do not use OpenSSL, we are patching other servers that are missing some Microsoft patches in order to ensure complete security.
What do you need to do?
If you use some of the websites listed in the vulnerability list then login and change your password immediately. If you have a personal account at Logmein.com you should be verifying that your machines have the updated version of LogMeIn Pro Windows 4.1.0.4144 or above.
Micro Doctor is your one stop shop for all IT related services, including security, managed proactive patching and IT Projects. With 25 years of experience you won’t find a more technically stable IT company in the area.
Written by: Mark Richmond, President of Micro Doctor Inc. reach us at https://microdoctor.com or 330-898-2100
Leave a comment!
You must be logged in to post a comment.