IBJNews

Local businesses struggle to make sense of Heartbleed flaw

Back to TopCommentsE-mailPrintBookmark and Share

News poured in last week that was hard to decipher for those not up-to-date on technological lingo or Internet security gaps.

Something bad—really bad—called “Heartbleed” potentially had compromised supposedly secure information across pretty much the entire Internet, business owners and managers learned. But explanations were confounding.

A week after reports of Heartbleed first emerged, companies around Indianapolis—especially small ones without their own information technology teams—are still trying to make sense of the problem that went unnoticed for close to two years and potentially exposed droves of Internet users’ personal information.

Chris Wardrip, CEO of Financial Health Federal Credit Union in Indianapolis, admitted he didn’t know what to make of a lot of the explanations he heard. He just knew there was a problem and he’d better fix it.

“I’m not a technology expert,” he said, noting his credit union doesn’t have its own IT department.
 
“It seems like every new thing that comes up has a new twist," he said. "If you’re concerned about customers’ information, the prudent thing is to do enough research to understand whether you’re in jeopardy and reach out to the experts.”

The credit union decided it had better at least ask an expert, so it turned to an outside IT firm and its web host. Everything was safe, Wardrip was assured.

Even relatively simple explanations of Heartbleed can make one's head spin. Here's an attempt from Codenomicon, one of the firms that discovered the problem:

“The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).”

Internet security companies and news outlets blitzed the Internet with warnings and guides on how to address Heartbleed. Recent reports say the vulnerability could affect mobile devices, and that many of the tools used to detect the flaw are themselves flawed.

A commonly used technology called OpenSSL protects personal information and online communication—anything from online sales to email messages. But there was a vulnerability that, in effect, exposed that information to anyone who knew how to exploit the flaw.

Major corporations, with expansive IT and security departments, issued statements that they fixed any problems—or didn’t have them at all.

Spokespeople for major Indianapolis companies contacted by IBJ said they had experienced no complications.

Some, such as Angie’s List and Interactive Intelligence Group Inc., said they checked into the problem and found no issues with vulnerability.

Others, such as WellPoint Inc., don’t use OpenSSL, allowing them avoid the complication.

Duke Energy Indiana found no issues, but is keeping a close eye on its system.

“As a general good practice, we encourage our employees and customers to change account logon information frequently to help minimize the risk of personal information getting into the wrong hands,” Angeline Protogere, a spokeswoman for the utility, said in an email.

Even if a company using OpenSSL patched Heartbleed, it probably wouldn’t know if someone used the flaw to steal customers’ information, said Steve Myers, an associate professor of computer science and informatics at Indiana University.

“There’s very little reason to suspect that if people were attacked that there are any logs of it,” said Myers, who is also a senior fellow at IU’s Center for Applied Cybersecurity Research.

For most small business websites, any issues would be on servers owned by companies hosting the websites—businesses such as GoDaddy or DreamHost, said Kim Brand, owner of Indianapolis IT services firm Computer Experts.

Business owners who haven’t already checked to see if their website is vulnerable should check on testing sites. Codenomicon posted a questions-and-answers guide with additional resources on how to address the vulnerability if there is one.

If there’s a problem, they need to check in with their web hosts about patching the vulnerability, said Mike Cowper, a member of the Indianapolis Metropolitan Cyber Defense Force.

The only small businesses that would be at risk, he said, would be the ones that conduct some form of electronic commerce or collect personal information on customers, Cowper said. For exmple, a restaurant that only posts menus on its website doesn’t have much to worry about.

A lot of advisories for Internet users suggest changing passwords for the websites they frequent. But that's only effective after a website has patched the problem. Otherwise, new passwords on vulnerable websites could feed the new information directly to prying eyes.

The bigger risk for a lot of local companies, Brand said, is not whether their own websites are at risk. Rather, the problem more likely would be on websites that employees visit while at work. Like any other Internet users, companies need to make sure their staffers are using safe websites.

Brand understands why local businesses have been so flabbergasted by Heartbleed. The city largely is filled with small businesses that don’t have the technological resources to handle the problem themselves.

“From the perspective of an average business guy, they don’t know that they had a problem,” he said. “All they can do is be afraid.”

ADVERTISEMENT

Post a comment to this story

COMMENTS POLICY
We reserve the right to remove any post that we feel is obscene, profane, vulgar, racist, sexually explicit, abusive, or hateful.
 
You are legally responsible for what you post and your anonymity is not guaranteed.
 
Posts that insult, defame, threaten, harass or abuse other readers or people mentioned in IBJ editorial content are also subject to removal. Please respect the privacy of individuals and refrain from posting personal information.
 
No solicitations, spamming or advertisements are allowed. Readers may post links to other informational websites that are relevant to the topic at hand, but please do not link to objectionable material.
 
We may remove messages that are unrelated to the topic, encourage illegal activity, use all capital letters or are unreadable.
 

Messages that are flagged by readers as objectionable will be reviewed and may or may not be removed. Please do not flag a post simply because you disagree with it.

Sponsored by
ADVERTISEMENT

facebook - twitter on Facebook & Twitter

Follow on TwitterFollow IBJ on Facebook:
Follow on TwitterFollow IBJ's Tweets on these topics:
 
Subscribe to IBJ
  1. I am so impressed that the smoking ban FAILED in Kokomo! I might just move to your Awesome city!

  2. way to much breweries being built in indianapolis. its going to be saturated market, if not already. when is enough, enough??

  3. This house is a reminder of Hamilton County history. Its position near the interstate is significant to remember what Hamilton County was before the SUPERBROKERs, Navients, commercial parks, sprawling vinyl villages, and acres of concrete retail showed up. What's truly Wasteful is not reusing a structure that could still be useful. History isn't confined to parks and books.

  4. To compare Connor Prairie or the Zoo to a random old house is a big ridiculous. If it were any where near the level of significance there wouldn't be a major funding gap. Put a big billboard on I-69 funded by the tourism board for people to come visit this old house, and I doubt there would be any takers, since other than age there is no significance whatsoever. Clearly the tax payers of Fishers don't have a significant interest in this project, so PLEASE DON'T USE OUR VALUABLE MONEY. Government money is finite and needs to be utilized for the most efficient and productive purposes. This is far from that.

  5. I only tried it 2x and didn't think much of it both times. With the new apts plus a couple other of new developments on Guilford, I am surprised it didn't get more business. Plus you have a couple of subdivisions across the street from it. I hope Upland can keep it going. Good beer and food plus a neat environment and outdoor seating.

ADVERTISEMENT