Article Date: 04/23/2014
On April 8th and 9th, the media announced to the public that a new bug called “Heartbleed” was appearing in a very popular and widely used encryption technology called "OpenSSL" which handles cryptographic protection of data. OpenSSL is used by many web sites to run the HTTPS secure web protocol. Any system that uses OpenSSL and is accessible via the Internet could be vulnerable. When the bug is exploited, an attacker can retrieve the contents of memory from remote systems. This memory may contain usernames, passwords, keys or other useful information that enables bigger attacks.
Hawaiian Telcom takes comprehensive and aggressive security steps to prevent attacks such as those caused by Heartbleed in our various customer systems and software: hawaiiantel.com, hawaiiantel.net and McAfee. However, there are best practices consumers and businesses should follow regularly as precautionary measures to mitigate the issue on their own systems.
If you’re a typical home user, there’s only a slight risk on your own system, since Microsoft and Apple operating systems do not use OpenSSL. However, the risk for you is that the web sites that you access with a logon id and password may have been infected by Heartbleed, thereby putting your login credentials and other sensitive information that you entered on those web sites at risk of exposure. Applications that you install might use OpenSSL, but are not likely to be very vulnerable. Still, it would be a good idea to keep all your software updated. Consumers should assume that their usernames, passwords or secrets may have been leaked and take steps to re-set their passwords once the provider has patched. Click here for tips on creating strong passwords:
For a list of the most popular affected sites, which include google.com and yahoo.com see the following websites:
If you have too many passwords to remember and need to use a program to securely store your passwords for you, there are some good suggestions at http://arstechnica.com/information-technology/2013/06/the-secret-to-online-safety-lies-random-characters-and-a-password-manager/
Businesses and anyone running a Web server should install the latest updates as soon as possible. They should also check that their firewalls prevent any access directly from the Internet to their internal systems, but especially to "appliances" like laser printers, disk servers, routers, and wireless access points that have web pages to access their status and make configuration changes. A number of these appliances are known to be susceptible to Heartbleed. Businesses that think their sites may be vulnerable should act responsibly and let their customers know and advise them when patches are completed so that it’s safe to make password changes.
Hawaiian Telcom WiFi Hot Spot Users:
As a precaution, we’re advising all customers that logged into one of Hawaiian Telcom’s WiFi hotspots, prior to midnight, April 8, 2014 to reset their passwords. Our Wifi Hot Spots are located at Jamba Juice, Zippy’s, Jack-in-the-Box, The Coffee Bean & Tea Leaf, Lanikai Juice and IHOP. Click here to change your password.