News & Resources

Publications & Media

“Advice in the Wake of Heartbleed”

Middle-Market Legal Toolbox Blog By Jessica L. Franken

By now, you’ve almost certainly heard of Heartbleed, the major flaw in OpenSSL, a security protocol used by an estimated two-thirds of websites. The Heartbleed security issue has been getting a lot of press, but what does it mean for you?

If your company has a website that uses either the 1.0.1 or 1.0.2-beta releases of OpenSSL, including 1.0.1f and 1.0.2-beta1, your system may be vulnerable. OpenSSL has released a fix, and you should:

  1. Promptly download the fix from OpenSSL.org and update your system.
  2. Advise your users that you have implemented the fix and have your users change their passwords as soon as the fix is in place.

You can also test to see whether a website that you are accessing is vulnerable, by using this tool, and more information on Heartbleed is available here.

Originally published on Middle-Market Legal Toolbox Blog, April 9, 2014