Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Cloud Computing
Next Generation Data Center Is Here!
Average Rating:
Rate this article:  
Is Heartbleed the Biggest Web Security Threat Ever?
Is Heartbleed the Biggest Web Security Threat Ever?

By Barry Levine
April 11, 2014 10:35AM

    Bookmark and Share
On the question of whether Heartbleed is the biggest threat, Gartner security analyst Avivah Litan commented to us that "it depends how you look at it." She pointed out that, "as long as it's fixed," it is a manageable issue. On the bright side, Litan said, the disclosure of the bug and the quick fix "is what open source is all about."
 



Even as the Heartbleed bug that has infiltrated Web sites and threatened millions of users runs its course, its impact is being assessed. And, as the extent of the vulnerability increases, a question is whether Heartbleed has set a milestone in Web security threats.

On Monday, a critical vulnerability was made public in some versions of the encrypting technology OpenSSL, which is used by hundreds of thousands of Web sites. The vulnerability was apparently undetected for nearly two years, and hackers can exploit it without leaving any sign they did so.

OpenSSL uses SSL/TLS encryption for security and privacy in Web sites, e-mails, instant messaging and other applications. The vulnerability could allow a hacker to steal sensitive data, including user names, passwords, and the keys used to decode encrypted transmissions.

'Implementation Problem'

A fix has been released and is being implemented by many sites. According to The Heartbleed Bug site, the bug is not a design flaw in the SSL/TLS protocol spec, but rather is an "implementation problem, i.e., programming mistake in popular OpenSSL library that provides cryptographic services."

On Friday, Reuters news service reported on recent warnings from security experts that the bug may be greater than just Web servers. The reason is that the unpatched OpenSSL code is also used in some e-mail servers, users' computers, smartphones and firewalls. There are also reports that version 4.1.1 "Jelly Bean" of Google's open-source operating system, Android, also has the same vulnerability, which, if accurate, would magnify the problem by millions of smartphones.

Security expert Jeff Moss, for instance, told Reuters that he is waiting for an enterprise firewall patch from McAfee. Cisco, Intel and other major technology companies are reportedly reviewing their products now to see if they are affected by the vulnerability.

Given the extent of the vulnerability, one question is whether Heartbleed represents the biggest security threat yet for the Web.

'As Long as It's Fixed'

Lawrence Orans, vice president for research at industry research firm Gartner, told us that "the problem with Heartbleed is that the burden is on the consumer to change passwords on multiple Web sites." He added that "it's a bigger pain in the neck than upgrading to the next level of iOS. Most consumers won't change their passwords, but they will be at risk."

John Grady, program manager for security products at IDC, said that "any time there's a vulnerability this broad, its a huge deal because of the lack of awareness among many consumers relative to best practices for online safety." He noted that "there's always the risk that vulnerabilities like this are going to be discovered, but I don't think that this is going to open the floodgates." (continued...)

1  |  2  |  Next Page >

 

Tell Us What You Think
Comment:

Name:



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Cloud Computing
1.   Oracle To Buy TOA Technologies
2.   Oracle Releases a Slew of Upgrades
3.   Cloud Wars: AWS vs. Microsoft, IBM
4.   Yammer Moved to Office 365
5.   IBM, California Partner in the Cloud


advertisement
Amazon Intros Zocalo Storage Service
Online storage and sharing for business.
Average Rating:
Avaya Pressing Hard on Cloud-Based UC
Provides easier, faster provisioning.
Average Rating:
Cisco Woos More Devs with DevNet
To create new network-aware apps.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
New 'Backoff' Malware Slips Undetected into Retail Systems
'Malicious actors' are using a new variety of malware to access consumer payment data remotely through point-of-sale systems, according to a report from the Department of Homeland Security.
 
IBM Beefs Up Identity Intelligence Security Solutions
Big Blue is betting big on identity intelligence. IBM just acquired a private firm with security software to govern user access to apps and data across cloud and on-premise environments.
 
USB Security Flaw Lets Hackers Hijack PCs
Hackers can use the firmware that controls USB functions to take control of computers, say security experts. That means there may be a new class of attack for which there are no defenses.
 

Enterprise Hardware Spotlight
AMD's ARM-Based Opteron Out in $3K Dev Kit
It's dubbed "Seattle" and it's AMD's first 64-bit ARM-based Opteron processor. The low-power chip is being released as part of AMD’s Opteron A1100-series developer kit, and aimed at high-end data center needs.
 
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Dell, BlackBerry Not Sweating Apple-IBM Alliance
IBM's recent move to partner with Apple to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unperturbed for now.
 

Mobile Technology Spotlight
BlackBerry Messenger Now Available on Windows Phone
BlackBerry's free Messenger chatting and voice app is out of beta and widely available for Windows Phone users, the company said. BBM offers secure messaging, Groups, Voice, Channels and more.
 
Virgin Mobile Offers Custom Smartphone Plans
As the wireless carrier wars continue heating up, Virgin Mobile just threw the customization coal onto the fire. The firm has debuted a no-annual-contract plan with rates based on individual use.
 
Collaboration Provider Asana Revamps Mobile App
Asana, a collaboration software provider started by a Facebook founder, is now out with a rebuilt native iOS mobile app. It replaces one that even the company admits was not up to par.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.