At Security In shredding our purge clear out service and media destruction of electronic devices are a guaranteed method of data destruction. This form of data destruction ensures your data security is being maintained as with electronic devices there can be flaws and potential breaches that can be a major risk to a business or organisations data.
The Heartbleed Bug
An unexpected encryption flaw known as the Heartbleed Bug has been referred to as the biggest security threat the Internet has ever experienced. The Bug which is a severe vulnerability within the widely used OpenSSL cryptography software library has received the name “Heartbleed” from security researchers.
Open SSL software is used to encrypt information that you send to and from websites, examples of this information would be your login name and password and/or other sensitive information. SSL/TLS software provides communication privacy and security over the Internet for applications such as email, web, virtual private networks (VPNs) and instant messaging.
Within your browser you can recognise when websites encrypt information when you see a closed padlock symbol alongside the website address. The Heartbleed Bug enables anyone on the Internet to read memory of systems protected by the OpenSSL software.
This compromises the security keys used to identify service providers and encrypt the traffic, the actual content and the names & passwords of the users. The Bug essentially allows attackers to impersonate services and users by allowing them to eavesdrop on communications and steel data directly from the services and users.
As the bug allows hackers to exploit a flaw in the OpenSSL encryption software used by the majority of major websites changing your passwords will not matter if the website is still vulnerable as the website would have to update their software first.
To provide guidance and to help defend against this online tools such as The Heartbleed Test & Norton Safe Web – Heartbleed Check have been created in order to test if a website has been compromised by the Heartbleed Bug.
How Heartbleed works
When sending information back and forth through a secure connection (E.g. Facebook – Gmail messaging) sometimes a computer will test to check if the other computer is still available. This is completed by the computer by sending a small packet of data called a “heartbeat” which is then confirmed. The flaw within the OpenSSL software enables hackers to use a fake packet of data which in turn tricks the corresponding computer into responding with data stored within its memory.
This flaw within the conventional encryption software is undetectable by current standards and has been active under the radar for a period of time in the region of two years. Google Security Researcher and security firm Codenomicon discovered the flaw and they said that even if you are not a frequent user of the internet, you are most likely affected by the bug – “You are likely to be affected either directly or indirectly.
OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commercial site, hobby site, sites you install software from or even sites run by your government might be using vulnerable OpenSSL.”
How to stop the leak?
While the vulnerable version of OpenSSL is in use it can be abused. Fixed OpenSSL has been developed and released but it has to be deployed. Operating systems vendors, distribution vendors along with independent software vendors have to adopt the fix and notify their users as it becomes available for the software they use, operating systems and networked appliances.
This is a detailed report on the heartbleed bug. There are many bugs and issues regarding software and devices. Awareness to these issues is important for you and us. Ensuring your data security is maintained and compliance with data protection act.
Visti our shredding Limerick pages for details on our data destruction services.
Email us at: firstname.lastname@example.org