Recently, a major security vulnerability named “Heartbleed” has made headlines around the world. This is a severe vulnerability stemming from a coding mistake in a widely-used security utility called OpenSSL. The bug affects the encryption technology designed to protect your sensitive data on the Internet, like usernames, passwords and emails. This is a flaw in the OpenSSL encryption code itself and not a virus that can be stopped by any consumer security/virus scan software.
With that being said, please note that ContactEase is not impacted by Heartbleed. Our web add-on components (such as Mobile Solutions, Mailing List Manager, Change Tracker, Online Update and RSVP Forms) are required to be installed on IIS web servers, which do not by default rely on OpenSSL.
It is still recommended that you check with your hosting provider or IT professionals to ensure your servers are not using OpenSSL. In addition, you may want to check with any online services that you use.
What You Should Do:
- Confirm that both your internal web servers and hosted web servers are using a safe version of OpenSSL.
- You can check which major online services have been effected using the list provided by Mashable.
- Reset your password for every online service affected by Heartbleed. But beware: you should only change your password after the afflicted business has fixed its servers to remove the Heartbleed vulnerability. Changing your passwords before a company’s servers are updated will not protect your credentials from being leaked.
- Follow best practices for creating passwords, using strong passwords.
- Ask an IT professional inside your organization for additional tips to keep your accounts secure.
For specific legal vendor information related to Heartbleed, you can learn more on ILTA’s Connected Community.
If you have questions regarding ContactEase and the Heartbleed security vulnerability please contact firstname.lastname@example.org.