What Heartbleed Taught Us About Security

Posted on April 15, 2014 by - Uncategorized

Or perhaps, the lack thereof. For the unfamiliar, the “Heartbleed Bug” was a coding flaw that computer hackers could exploit to eavesdrop on private communications across multiple platforms.


Conspiracy theorists have been talking about a “tracking information bug” for well over a year and blamed government programs and secret NSA tactics as the reason and source of the bug.

However, earlier this month German computer programmer Robin Seggelmann finally confessed to writing the Heartbleed code, which was added on the last day of 2011.

“It was a simple programming error in a new feature, which unfortunately occurred in a security relevant area,” Seggelmann said.

That relevant area dealt with encrypted SSL communications that users and administrators alike thought were being kept safe and private. Luckily, before the Heartbleed damage became catastrophic, the bug was discovered by Google Security and Codenomicon within the OpenSSL cryptographic software.

The bleeding may have stopped, but a lot of companies and businesses are still trying to decide what to do with the wound and the eventual scar.

“Website and server administrators will have to spend considerable time, effort and money to mitigate all the security risks associated with Heartbleed, one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years,” reported Lucian Constantin.

And it wasn’t just small companies and businesses that were affected by Heartbleed. LiquidPlanner (LP) recently sent out an email telling its customers, “We [LP] took immediate action to assess and remediate any impact to our systems. As an additional security measure, we recommend that you change your password.”

It may take months if not years to find out the true impact of Heartbleed on our Internet security.


Sources: Dailymail.co.uk, PCWorld.com, Google
