Heart a’Hack
Around two-thirds of websites are vulnerable to ‘heartbleed hackers’
The Heartbleed bug came to fore three days ago, discovered April 7, and is wreaking havoc for many companies having gone undetected for the past 2 years. Here’s a simple breakdown of what the bug is and what this actually means for us…
Heartbleed is a security bug that potentially allows for the theft of data typically protected by OpenSSL (the open source implementation of the SSL/TLS encryption software most websites use, including many popular banking and retail sites). OpenSSL is a popular cryptographic library used to digitally scramble sensitive data as it passes to and from computer servers so that only the service provider and the intended recipients can make sense of it. Affecting around 67% of websites this flaw lets hackers digitally unscramble information and eavesdrop on communications between servers and steal data as they wish without leaving a trace.
The implications are enormous! It is hard to predict the actual impact it will have though we know it will be huge. The exploitation of this bug leaves no trace of any abnormal happenings to the logs and can go undetected; essentially we might never know what data has been compromised and what information has been stolen which is quite a sobering reality.
Looks like it’s going to be a long week for IT Professionals who need to, update servers and patch up vulnerabilities to prevent the leak of any more secure data.
Read more: http://heartbleed.com/
http://www.bbc.co.uk/news/technology-26954540
Share this… @zebrapeople