HTTPS Virus HeartBeat & HeartBleed: a Bug Breaks Worldwide Internet Security Again

Virus Description
A new bug has damaged trust on the Internet on a significant scale. This bug, called 'Heartbeat' or 'Heartbleed', is based on a flaw in a feature of the widely used OpenSSL library, which runs on a huge number of servers on the net. It was originally discovered by Neel Mehta of Google Security, and it works like this: the attacker can retrieve memory (up to 64 KB) from the remote system. This memory may contain usernames, passwords, keys or other useful information that enables bigger attacks. An attacker may, for example, be able to retrieve the keys and secrets used to encrypt traffic and then intercept and read the communications of all other users of that service. Some people think that 64 KB is a very small amount of data. It is, but the attacker can connect repeatedly, progressively collect all the memory of a server, and analyze it later. This is a serious problem.
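The memory disclosure described above comes down to a responder trusting a length supplied by the peer. The following is an added example, not code from this post or from OpenSSL: a simplified model in C with hypothetical names (`hb_request`, `hb_reply_flawed`, `hb_reply_checked`, `arena`), showing the flawed echo next to the corrected one on constructed data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: one flat buffer stands in for server memory. The
   request payload sits at its start, unrelated data right behind it. */
#define ARENA_SIZE 64
static unsigned char arena[ARENA_SIZE];

/* Simplified heartbeat request (hypothetical struct, not OpenSSL's). */
struct hb_request {
    uint16_t claimed_len; /* length the peer says it sent; 16 bits, so at most 64 KB */
    size_t   actual_len;  /* payload bytes that really arrived */
};

/* Flawed responder: echoes claimed_len bytes without checking actual_len. */
size_t hb_reply_flawed(const struct hb_request *rq, unsigned char *out, size_t cap) {
    size_t n = rq->claimed_len;
    if (n > cap) n = cap;
    if (n > ARENA_SIZE) n = ARENA_SIZE; /* keeps this demo inside the arena */
    memcpy(out, arena, n);
    return n;
}

/* Corrected responder: drops a request that claims more than was received. */
size_t hb_reply_checked(const struct hb_request *rq, unsigned char *out, size_t cap) {
    if (rq->claimed_len > rq->actual_len || rq->claimed_len > cap)
        return 0; /* discard silently, send no reply */
    memcpy(out, arena, rq->claimed_len);
    return rq->claimed_len;
}

/* Lay out the arena: a 4-byte payload followed by an 18-byte placeholder secret. */
struct hb_request demo_setup(uint16_t claimed_len) {
    struct hb_request rq = { claimed_len, 4 };
    memset(arena, 0, sizeof arena);
    memcpy(arena, "ping", 4);
    memcpy(arena + 4, "SECRET-PLACEHOLDER", 18);
    return rq;
}

int main(void) {
    unsigned char out[ARENA_SIZE];
    struct hb_request rq = demo_setup(22); /* 4 bytes sent, 22 claimed */
    printf("flawed reply:  %zu bytes\n", hb_reply_flawed(&rq, out, sizeof out));
    printf("checked reply: %zu bytes\n", hb_reply_checked(&rq, out, sizeof out));
    return 0;
}
```

The corrected responder returns nothing for the mismatched request, which is why patching the server closes the leak without any change on the client side.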

Consumers' Point of View
Consumers should assume that their usernames, passwords or secrets may have been leaked and take steps to reset their passwords once the provider has patched. In this case it is very difficult, if not impossible, to retrospectively identify whether someone attacked your systems, so it is better to assume compromise, reset your credentials and play it safe.

Panic over the Net
There is panic over the issue (see #heartbleed on Twitter). The defect has been in the code for over 2 years! Many are surprised that the bug has only just been found, particularly as the OpenSSL code is open source and has been reviewed by quite a substantial number of people. This speaks to the challenge of writing secure software and hunting bugs, but perhaps also highlights that there should be more systematic review of software that is so critical to all of our security and trust online.

How to Check it
Check whether your website, apps or any other products use OpenSSL and whether they are vulnerable to the attack. There is a neat site at http://filippo.io/Heartbleed/ where you can quickly run the check. If the website is reported to be vulnerable, you should IMMEDIATELY contact the provider and change your password as soon as the bug is fixed.

AUTHOR - Andrea Billi
