SEGI Sales Blog

Major Security Bug Found in Web Encryption Tool

Tony Page - Sunday, June 22, 2014

Major Security Bug Found in Web Encryption Tool

Whether or not you know what Heartbleed is or what exactly it does, odds are you've heard the term thrown around over the last month or so, usually accompanied by a flurry of panic and hasty advice.

In the simplest terms, Heartbleed is a bug affecting OpenSSL, a piece of security software used by some of the most widely used websites online, and indeed, many that have a very real need for watertight security systems.

Obviously, anytime the words 'bug' and 'security' occupy the same sentence ought to be a cause for concern, but Heartbleed is perhaps one of the most serious security threats of the last decade or so, due in no small part to the number of services which have found themselves affected by its breach.

What Do We Know About Heartbleed?

Heartbleed is the nickname given to a flaw in OpenSSL, which has the potential to allow cyber criminals a means of accessing sensitive information, such as usernames and passwords, entered into sites which make use of OpenSSL by a user

Despite only just having been identified, it's estimated that the bug has been around for two years or so, and while there's no real way of gauging whether or not any particular user's information is likely to have been stolen, the sites affected have, understandably, taken the “better safe than sorry” approach, and for the most part, offered advice to user such that they assume the worst.

What Is The Worst That Could Happen?

This really depends on the services use, but if you browse the internet on a semi-regular basis, there's a good chance one or a few services you make use of will have been affected by Heartbleed.

For example, if you're a Yahoo user, cyber criminals, in theory, may have access to any Yahoo accounts, and the data therein.

What Happens Next?

As with any large scale bug, a patch is required to seal the loophole and prevent future access to any of the sites which make use of OpenSSL software.

OpenSSL have made this available already, but warn that smaller sites who use their services may take a little longer than the highly-publicized giants who've been affected to make use of the patch itself.

Given also that versions of the software are affected, representatives from OpenSSL are advising users to update their existing version to OpenSSL 1.0.1g, which is not currently affected by Heartbleed, rather than using version 1.0.2, for which a bug fix is underway at present.

If you'd like to learn more about Heartbleed and how to guard your network from it, contact SEGI Sales today on 480-317-0868.

SEGI provides IT Infrastructure Solution such as Network Infrastructure Installation, Security & Special Systems Installations, and Facility Protection Installation for IT & data center projects, healthcare facilities, universities, Fortune 500 companies, small businesses, and any facility with mission critical network deployment requirements in the Rocky Mountain, Tempe, Desert Southwest, and Arizona area.

Contact us at http://www.segisalespros.com/contact-us.htm to get your IT infrastructure up and runnning in no time!

Trackback Link
http://www.segisalespros.com/BlogRetrieve.aspx?BlogID=3447&PostID=508843&A=Trackback
Trackbacks
Post has no trackbacks.

Connect & Share With Us















Watch Our Latest Video