SEGI Sales Blog

Massive Security Bug in OpenSSL Could Affect a Huge Chunk of the Internet

Tony Page - Friday, June 13, 2014

Those without a real interest in online security generally take most of it for granted, even when a widespread security breach threatens a significant proportion of internet users and numerous reputable sites are openly up in arms about it.

Many services suffered their biggest security breach in recent years in the form of Heartbleed, a bug in OpenSSL, a widely used piece of encryption software, which left the sensitive data of millions accessible to third parties, including the malicious kind.

Should I be worried?

Worrying is only useful if it prompts action, but in short, yes, you should be worried. Given the caliber of the affected sites, the likelihood that services you use frequently have been affected, one way or another, is very high.

Heartbleed is believed to have been at large for two years at least, and sensitive data tends to sit in a server's memory, meaning anything you've entered into an affected site in the last two years is out there somewhere.

Wouldn't I know if my data had been stolen?

If the third party that retrieved your information had acted on it, odds are you would have noticed by now, but not necessarily.

Codenomicon, a security firm, carried out an in-depth investigation into Heartbleed and found that exploiting the bug didn't leave any formal record in the affected server's logs.

This means that affected services can only know that they are affected by the bug, not that the bug has been exploited.

As a result, many services are having to play it safe and assume that the bug has been exploited.

"We have tested some of our own services from attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able steal from ourselves the secret keys used for our X.509 certificates, usernames and passwords, instant messages, emails and business critical documents and communication." Heartbleed.com

Alright, I'm worried - but what do I do?

The first step is to follow suit and assume the worst. Abstain from using any affected sites where possible for now, until the service has patched Heartbleed.

Once they've done so, it's time to change your passwords. Do not change them before the site is patched, and make sure you use different passwords for different sites.

Once that's done, you should be able to resume normal use of the service and site.

If you're looking for network cabling solutions for your home office in the Rocky Mountain, Tempe, Desert Southwest, Arizona area, then contact SEGI Sales today on 480-317-0868.

You can also contact us at http://www.segisalespros.com/contact-us.htm for help with structured cabling management.
