
We Ask: Will The Heartbleed Bug Affect My Business?

2 Years Ago By Richard Darell

It was on December 31, 2011, that a piece of flawed code in the Heartbeat Extension was implemented into OpenSSL. This piece of code, which was later to be named the ‘Heartbleed’ bug – or CVE-2014-0160 as it’s known in technical terms – has made headline news throughout the world, invoking a sense of paranoia rather than a genuine understanding of the issues at stake. As with most news stories which are complicated in nature, the general impact is one of fear.

This is quite natural considering our passwords and privacy may have been exposed to third parties, and the fact that very few of us have expert knowledge of the ins-and-outs of OpenSSL software. We need to understand if our fears are legitimate or not, so let’s have a look at what exactly Heartbleed is.

Heartbleed affects OpenSSL. OpenSSL allows your computer to communicate with various websites without information being made available to anyone looking in. Without this, usernames and passwords could be readily exposed, especially on vulnerable mobile devices.

The communication described above, between computer and server, is called a ‘heartbeat.’ In the past, a heartbeat only sent back the same information that it received, but with the Heartbleed bug, a request can ask for up to 64 kilobytes of extra data. Although this isn’t much, the request can be repeated as many times as necessary to extract the amount of information wanted. This is why the bug was dubbed the ‘Heartbleed’ bug.
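The missing length check described above, as a small C illustration added here; it is not OpenSSL's code. The message layout (1-byte type, 2-byte length, payload, at least 16 bytes of padding) follows RFC 6520, while the function names and the sample buffer are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_HEADER  3u   /* 1-byte type + 2-byte big-endian payload length */
#define HB_PADDING 16u  /* minimum padding required by RFC 6520 */

/* Flawed echo: trusts the length written inside the message itself. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    (void)rec_len;                 /* the defect: received size is ignored */
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Checked echo: header + claimed payload + padding must fit inside the
 * bytes actually received, otherwise the message is silently dropped. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out) {
    if (rec_len < HB_HEADER + HB_PADDING) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len) return 0;
    memcpy(out, rec + HB_HEADER, claimed);
    return claimed;
}

/* Constructed sample: a 21-byte record carrying the payload "hi", stored
 * in one buffer directly in front of unrelated data. Returns its size. */
size_t make_sample(uint8_t mem[64], uint16_t claimed) {
    memset(mem, 0, 64);
    mem[0] = 1;                            /* heartbeat request */
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + HB_HEADER, "hi", 2);      /* real payload: 2 bytes */
    memcpy(mem + 21, "NEIGHBOUR-DATA", 14);
    return HB_HEADER + 2 + HB_PADDING;     /* 21 bytes received */
}

int main(void) {
    uint8_t mem[64], out[64];
    size_t len = make_sample(mem, 40);     /* claims 40, carries 2 */
    size_t n = echo_unchecked(mem, len, out);
    printf("unchecked: %zu bytes, tail \"%.14s\"\n", n, (char *)out + 18);
    printf("checked:   %zu bytes\n", echo_checked(mem, len, out));
    len = make_sample(mem, 2);             /* honest length */
    printf("honest:    %zu bytes\n", echo_checked(mem, len, out));
    return 0;
}
```

The unchecked version returns the neighbouring bytes along with the payload, while the checked version drops the mismatched message and still answers the honest one.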

Businesses often rely on OpenSSL and have duly rushed to upgrade to OpenSSL 1.0.1g, but it’s hard to assess what damage may have been done or what information might have been stolen.

Businesses often use an Enterprise Mobility Management (EMM) solution to upgrade their security. Management platforms like MDM or MAM are very popular, and could gain more status in the weeks to come. Users of these services tend to stress that the above solutions must be properly configured for them to work to their full potential. This has been an even bigger concern since April 7, 2014, the day Heartbleed was publicly disclosed.

Modern business is now crammed full of company issued smartphones, tablets and laptops, so awareness of these dangers should be paramount to any organisation which values its security.

Businesses have been updating security certificates en masse due to rare cases of banking apps being hooked up to servers that were vulnerable to attacks.

It was initially thought that around 60% of servers may have been affected, which makes the furore more understandable; it is now estimated to have afflicted around 17% of servers, which will be a big relief to a lot of businesses.

We live in a world of complicated technical jargon and we can’t be expected to understand every piece of information we are warned about in the media. What we can do on an everyday level is to change our passwords more regularly and never use the same passwords across a range of different websites. To the everyday user of modern technologies this seems to be the best advice to tackle Heartbleed. Business users should look into EMM solutions on top of OpenSSL.

The question we ask is, will Heartbleed affect my business? Well, it could if you’re not up to date with your security patches. It should come as a relief that only 17% of servers were actually affected by the Heartbleed bug, but anyone concerned about their mobile phone may want to install patches to Android 4.1.1, which Google claims is the only version of its OS that could be affected.

Heartbleed – Believed To Have Affected 17% Of Servers


Image: ZDNet

4 Comments

Vedarth Deshpande

May 28th, 2014

That’s a good share! Everybody was and still is worrying about the Heartbleed bug.


Richard Darell

May 30th, 2014

Thank you, Vedarth! Yeah, all it takes is a little bit of knowledge and a quick patch and everything should be fine. However, 17% is still a lot when you start looking at the actual numbers of how many servers are out there.

Victoria

June 4th, 2014

Thank you for the great share – you are the first who clearly explains the Heartbleed bug everybody is worrying about and even speculating.


Richard Watson

July 3rd, 2014

After a major data loss last year, I honestly thought that my information was gone forever. Boy was I wrong! Thanks to a work partner, I was referred to CSU in Palm Beach Gardens. CSU was a life saver; they retrieved my data and provided an outstanding backup solution to protect my data from future mishaps.

