by

CNN Money is calling it, “the worst security hole the internet has ever seen.” If you’re like me, then you’re probably still scratching your head after news broke last week on the highly publicized “Heartbleed” attack.  Here’s what we do know…. OpenSSL is a security feature used in some software and online systems to protect communications and data with encrypted keys that would have otherwise been private.

Applications such as web, email, instant messaging, and some virtual private networks may or may not have been comprised, so it is suggested that user data to the following be updated as a precaution.

To Change

You should get into the habit of changing your passwords from time to time anyway. So, if you haven’t done so already, now would probably be a good time to take care of that.

Social Networks

  • Facebook
  • Instagram
  • Pinterest
  • Tumblr

Email Clients

  • Gmail
  • Yahoo

Website Operators

  • GoDaddy
  • Amazon Web Services

Videos, Photos, Games, Entertainment

  • Flickr
  • Netflix
  • YouTube
  • SoundCloud
  • Minecraft

*Source: Mashable

To Investigate

It is common for meeting professionals to integrate third-party services into their event management systems to manage things like payment and travel.  If you have one of these Third Party Integrations, you will need to contact that organization to determine if they have discovered or corrected this flaw.

  • Payment Gateways – If you are collecting Credit Cards, you are using a Payment Gateway.
  • GDS Partners – If you are using a Travel Management System, you have a GDS.
  • Travel Booking Tools – If your registration forms automatically proceed to the ticketing options for travel, you are using a Travel Booking Tool.
  • Custom Integrations – If you have any other connected services, you have a Custom Integration.

If there is an issue with their systems, you will need to follow with their recommendations to proceed.  It is likely they will instruct you to change your Login/Password to access their services.

To Test

If you think you may have entrusted a vulnerable site with your information, I would suggest using a security checking tool like the ones below:

LastPass Heartbleed Checker

 

We also know that the bug targeted major sites like Amazon, Google, and Yahoo who use those encryption tools, but they have since updated their sites to fix the bug.  There are many, however, who have not updated their sites and will continue to experience vulnerabilities until all encryption keys are purged.

Another precaution I suggest taking at this time is to log yourself out of ALL websites: social, banking, news, email…everything.

For more on the Heartbleed Bug, please visit: http://heartbleed.com/