Micro Doctor has been hard at work evaluating the effects of Heartbleed Vulnerability and whether or not we have any potential concerns for your systems. First we looked at our internal and external servers. Luckily our main security vendor, Sonicwall, protects us against any Heartbleed exploits. None of the Sonicwall firewalls have any vulnerability to Heartbleed and its Intrusion Protection Service is blocking attempts to exploit the OpenSSL vulnerability.
We were not using OpenSSL for any of our websites that we host here. OpenSSL is more widely used on Apache/Linux web servers that means our Microsoft IIS servers are using Schannel and they are NOT vulnerable to Heartbleed. Here is the ever-growing list of Websites that were affected and whether or not they are safe now and whether or not you should change your password.
Site Patched Change password Notes:
Facebook.com
Instagram.com Twitter.com Tumblr.com Pinterest.com Linkedin.com AOL.com Gmail.com Hotmail.com Yahoo.com Apple.com Amazon Microsoft.com Ebay.com Netflix.com Dropbox.com Lastpass.com Flickr.com Logmein.com Pandora.com |
Yes
Yes Yes Yes Yes No No No Yes No Yes No No Yes No No Yes Yes Yes Yes Yes No |
Yes
Yes No Yes Yes No No NO Yes No Yes No No Yes No No Yes Yes Yes Yes Yes No |
Not sure it was ever affected
It was infected change password Twitter claims no breaches Not sure it was ever affected Not sure it was ever affected No use of OpenSSL No use of OpenSSL No use of OpenSSL Google says we are safe No use of OpenSSL This is a BIG one – change the password Why does Apple get a free pass on attacks Conflicting answer here – Change it anyway Google says we are safe No use of OpenSSL No use of OpenSSL Change the password This one scares me Crazy one here Pictures OK change it anyhow Change Logmein and Windows passwords No use of OpenSSL |
List of sites not vulnerable to OpenSSL Heartbleed vulnerability: Comcast.net, Ikea.com, Ups.com, Reuters.com, Walmart.com, Zillow.com, Skype.com, Salesforce.com, AVG.com, Weather.com, ESPN.com, Craigslist.org, Paypal.com. We have no reports of vulnerabilities at any Banking or Credit Card websites.
Cloud Providers affected are: Google, Amazon, Rackspace and CenturyLink.
So what is Micro Doctor doing to protect its MD-Care managed service clients? We have identified 40 potentially vulnerable Logmein Installations and we are remotely patching Logmein at those locations via our powerful scripting tool. We have complete internal security checks and although we do not use OpenSSL, we are patching other servers that are missing some Microsoft patches.
What do you need to do? If you use some of the websites listed in the vulnerability list then login and change your password. Ifyou have a personal account at Logmein.com you should be verifying machines have the updated version of LogMeIn Pro Windows 4.1.0.4144 or above.
Micro Doctor is you one stop shop for all IT related services, including security, managed proactive patching and IT Projects. With 25 years of experience you won’t find a more technically stable IT company in the area.
Written by: Mark Richmond, President of Micro Doctor Inc. reach us at https://microdoctor.com or 330-898-2100