Skip to main content
Security

Heartbleed: Enterprise IT, Change Your Passwords

By April 22, 2014No Comments

HeartbleedWe are finally in the aftermath of the Heartbleed security flaw hysteria, but it’s important for enterprise IT to examine how it was impacted by Heartbleed and what needs to be done going forward.

Cloud Services

Many cloud service providers, including Amazon Web Services and Rackspace, were, impacted by the Heartbleed flaw. Although most say they never had to intervene on a customer’s behalf, it’s recommended that passwords and encryptions are changed.

Microsoft’s Azure Active Directory has updated to add preview support for multi-forest identity synchronization and password reset writeback. And while Microsoft says that Azure was not affected, customers running Linux images in Azure Virtual Machines (which they’ve been able to do since 2012, when the Heartbleed bug first entered OpenSSL) could very well be vulnerable.

Gmail and Yahoo

Google’s services were heavily affected by this flaw. Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine were all patched but Google says both Chrome and the Chrome OS did not have Heartbleed. Yahoo has also rolled out patches to mitigate the flaw. Users of either Google or Yahoo services should change passwords immediately.

Servers

HP, Dell and IBM have all announced that their servers were affected by the Heartbleed flaw. By now, most have been patched. Change your passwords and possibly any encryptions or private keys you might have used.

Other services and vendors that have issued patches for Heartbleed include Cisco, VMware, Bing, Netflix, GoDaddy, and Dropbox. Password changes are recommended for all sites that had the Heartbleed vulnerability.