
What the “Heartbleed” Security Bug Means

By Anuraj on July 16, 2014

HEARTBLEED BUG

It’s a very painful occasion when our heart bleeds. Does it occur only to humans? Millions of websites are already facing the prospect of a data leak because of Heartbleed, if they haven’t leaked information already. The bug is assumed to have been in existence for two years, but it was found out only recently.

What is the Heartbleed bug?

Heartbleed is a major security flaw that, if exploited, will cause a web server to reveal user content. It’s a bug that affected hundreds of millions of websites, exposing usernames, passwords, encryption keys, and other sensitive data. The main reason this security flaw gained so much attention is that it occurred in OpenSSL, open source software used across the globe to encrypt communications over the Internet. It was an abrupt but necessary reminder that when it comes to the Internet, nothing is safe. Sites like Mashable have compiled a list of popular sites that could have been compromised by this vulnerability.

“In the wake of the HeartBleed vulnerability, many organizations and hosting providers have lulled themselves into a false sense of security by relying on Intrusion Detection Systems (IDS) to automatically deal with HeartBleed attacks,” Halon Security CEO Jonas Falck said recently. “IDS systems were designed to sniff out vulnerabilities, but closed source development teams take too long to respond and patch issues like HeartBleed.”

He continued, “The Open Source community has received a bad rap for the OpenSSL exposure, but the community has rallied together to patch the issue quickly. If anything, the HeartBleed issue has shown how reliant the Internet as a whole is on Open Source, so if corporations can give back to the Open Source community after taking advantage of OpenSSL for so long, there will be more eyeballs spotting vulnerabilities earlier in the future.”

According to Falck, “the Internet will never be 100% safe” from hackers and vulnerabilities like Heartbleed. With the right strategies, however, security companies can take steps to protect businesses and consumers more thoroughly.

Many prominent websites have already released fixes for the exposure and several more are in the process of fixing it. But the actual problem lies in the fact that it’s not enough for these sites to simply fix their servers.

How to protect yourself/your servers from Heartbleed?

If you’re a server admin: The Heartbleed bug has been patched in version 1.0.1g of OpenSSL. If the updated package isn’t available for your distro yet, building OpenSSL with the compile-time option -DOPENSSL_NO_HEARTBEATS will also mitigate the bug.
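The check a server admin would run first, as an added example (not code from the original post): a POSIX shell function that classifies the text of `openssl version -a` against the affected upstream range (1.0.1 through 1.0.1f, plus 1.0.2-beta1) and looks for the -DOPENSSL_NO_HEARTBEATS build flag. The function name, the status strings and the sample outputs are constructed for illustration, and it assumes the build flags are listed on the `compiler:` line.

```shell
#!/bin/sh
# Added example: classify `openssl version -a` output for Heartbleed exposure.
# Upstream 1.0.1 through 1.0.1f are in the affected range; 1.0.1g has the fix.

heartbleed_status() {
    # $1 = full text of `openssl version -a`
    # First line looks like: "OpenSSL 1.0.1e 11 Feb 2013"
    hb_version=$(printf '%s\n' "$1" | awk 'NR==1 && $1=="OpenSSL" {print $2}')
    case "$hb_version" in
        "")
            echo "unknown" ;;
        1.0.1|1.0.1-*|1.0.1[a-f]|1.0.1[a-f]-*|1.0.2-beta1)
            # Heartbeat support compiled out? (assumption: build flags are
            # listed on the "compiler:" line)
            if printf '%s\n' "$1" | grep '^compiler:' \
                | grep -q -e '-DOPENSSL_NO_HEARTBEATS'; then
                echo "mitigated-no-heartbeats"
            else
                # Distro packages can carry the fix without changing this
                # version string, so confirm against the package changelog.
                echo "in-affected-range"
            fi ;;
        *)
            echo "outside-affected-range" ;;
    esac
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD='OpenSSL 1.0.1e 11 Feb 2013
built on: Mon Mar  3 10:00:00 UTC 2014
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'
SAMPLE_NOHB='OpenSSL 1.0.1f 6 Jan 2014
built on: Tue Apr  8 09:00:00 UTC 2014
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_NO_HEARTBEATS -O2'
SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
built on: Wed Apr  9 09:00:00 UTC 2014
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -O2'

for hb_sample in "$SAMPLE_OLD" "$SAMPLE_NOHB" "$SAMPLE_FIXED"; do
    printf '%s -> %s\n' "$(printf '%s\n' "$hb_sample" | head -n 1)" \
        "$(heartbleed_status "$hb_sample")"
done
# On a live host: heartbleed_status "$(openssl version -a)"
```

This inspects only the `openssl` binary on the PATH; services that bundle or statically link their own OpenSSL copy need to be checked separately.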

If you’re a web surfer: Update your passwords and login information immediately for the handful of sites that really matter to you, or risk cyber criminals still accessing your data, as these hackers now know the digital keys used by the server to authenticate user requests.

  • Avoid using the same password at two sites that matter to you. This lowers the security level of any site with that password to the level of the sleaziest and least-secure site where you’ve ever used it.
  • Try using a password manager, which will generate an unlimited set of unique, “difficult” passwords and remember them for you.
  • Use the two-step sign-in process for every system that allows it, e.g. Gmail.

Do you own a website? Do you want to know if your site is susceptible to the Heartbleed vulnerability? Use this tool: https://filippo.io/Heartbleed/. Our engineers usually use this tool to cross-check the sites that we’re working on.

The Heartbleed bug will cause ripples for years to come, and in the short term possibly a tsunami of high-profile hacks as well, unless big websites move very quickly indeed. Heartbleed has created a massive uproar in the cyber world for legitimate reasons. Please make sure to always follow the latest security guidelines in your applications and try to ensure protection from all such vulnerabilities.


Copyright © 2021 PIT Solutions AG.An ISO 9001:2015 certified company. All Rights Reserved
