Heartbleed: The Bug You Cannot Afford to Ignore

10/4/2014

Heartbleed Bug
What is it?
The Heartbleed Bug is a major, and I do mean seriously "MAJOR", security flaw in the widely used OpenSSL cryptographic software library. The bug allows anyone on the Internet to read the memory of systems that are protected by OpenSSL. It was introduced into the code in December 2011 and has been lurking out there since the release of OpenSSL version 1.0.1 on 14 March 2012.

For the technically inclined, there’s plenty more information at www.heartbleed.com

What does that mean to me?
A vast majority of systems online, i.e. email, websites, IMs, banking and pretty much most services online that are protected by OpenSSL, are at serious risk. So essentially anything you do online that requires you to log in, including most apps on your mobile phone, is potentially unsafe. By using any of these services you could be putting your details out in the open for anyone to see, steal and use.

Due to the nature of the access one can gain through this bug, a breach is very hard, if not impossible, to detect: the attack leaves no trace in the server's logs. If it has already happened, we wouldn't really know it.

Should I panic?
Despite the scary-sounding prognosis above, the short answer is: No. There are currently two kinds of people out there working very hard, day and night: people who are trying to fix this bug and people who are trying to exploit it.

  • People trying to fix it (the good guys) only need to update their systems to OpenSSL 1.0.1g, released on 7 April 2014. Trust me, it's far easier said than done, but it is not as slow as the process is for the bad guys.
  • People trying to exploit it (the bad guys) can't just do so in one go and steal all the information. They can only read memory in chunks of 64 KB per attempt. This means they have to keep repeating the attack many thousands of times to make it worthwhile. That takes time. A lot of time!
  • Also, attackers are often not interested in the stolen data itself; they seek to sell it on. They have to find buyers, and that again takes time.

So while the race is on, good guys have an advantage and most importantly panicking, as we know, will not solve anything.

What do I do?
To what extent the damage has already been done, we will not know for quite a while. However, there are a few things you can do at this point in time to mitigate, or at least minimise, the damage.

  • While changing your passwords immediately sounds like the obvious step to take, I would recommend holding off for just a few more days. With most systems still being patched (it's a painfully long process), changing your password on a still-vulnerable system will not really help, as the new password can be stolen just like the old one. So give it a few days and then go and change every password, PIN and login detail of every service you use online.
  • For now (I know this is not going to be easy), avoid as best you can using online services, especially ones that require credit card details and other banking details.
  • And finally, if they haven't already started, get your IT department, IT support providers and/or system administrators to immediately update your networks and servers to the latest version of OpenSSL, 1.0.1g.
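For the system administrators in that last step, here is a small Python helper, added to this post and not part of the original, that classifies the output of `openssl version` against the affected range. It encodes the rule the post gives (1.0.1 up to 1.0.1f affected, 1.0.1g fixed) and, going slightly beyond the post, the upstream 1.0.2-beta1/beta2 boundary; the sample version strings at the bottom are constructed for illustration.

```python
import re

# Heartbleed (CVE-2014-0160) affects the OpenSSL 1.0.1 branch from 1.0.1
# through 1.0.1f; 1.0.1g (7 April 2014) is the first fixed release.
# 1.0.2-beta1 was also affected and 1.0.2-beta2 is fixed. The 1.0.0 and
# 0.9.8 branches never contained the heartbeat code that carried the bug.
_VERSION_RE = re.compile(
    r"(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?",
    re.IGNORECASE,
)


def parse_openssl_version(text):
    """Extract (major, minor, patch, letter, beta) from a string such as
    'OpenSSL 1.0.1f 6 Jan 2014'. 'letter' is the patch-letter suffix ('' when
    absent) and 'beta' is an int or None."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % text)
    major, minor, patch, letter, beta = m.groups()
    return int(major), int(minor), int(patch), letter.lower(), (int(beta) if beta else None)


def is_heartbleed_vulnerable(text):
    """True if the version string identifies a Heartbleed-affected upstream build."""
    major, minor, patch, letter, beta = parse_openssl_version(text)
    if (major, minor, patch) == (1, 0, 1):
        # 1.0.1 (no letter, including its betas) up to 1.0.1f are vulnerable;
        # 1.0.1g and later are fixed, so a single letter comparison suffices.
        return letter < "g"
    if (major, minor, patch) == (1, 0, 2):
        # Only the first beta of 1.0.2 shipped with the bug.
        return beta == 1
    return False


if __name__ == "__main__":
    # Constructed sample inputs, in the format printed by `openssl version`.
    samples = [
        "OpenSSL 1.0.1e 11 Feb 2013",
        "OpenSSL 1.0.1g 7 Apr 2014",
        "OpenSSL 1.0.2-beta1 24 Feb 2014",
        "OpenSSL 0.9.8y 5 Feb 2013",
    ]
    for s in samples:
        print("%-35s %s" % (s, "VULNERABLE" if is_heartbleed_vulnerable(s) else "not affected"))
```

One caveat: Linux distributions often backport the fix into a package that still reports 1.0.1e or similar, so on such systems confirm the fix from the package changelog rather than from the version letter alone.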

As I mentioned earlier, there is no reason to panic, but every user online right now needs to be hyper-vigilant and avoid sensitive activities on the Internet.

For more information and/or help, feel free to contact us at heartbleed @ vocatys . com. Also pass this information along to other peeps in your network who could benefit from it.
    Author

    The Vocatys Team writing on Breaking News on Emerging Technology, How-To's, Why-To's, Company News and some seriously mundane ramblings!