Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
You are here: Home / Cybercrime / Is Heartbleed the Biggest Threat Ever?
DDoS Protection Powered By Verisign
Is Heartbleed the Biggest Web Security Threat Ever?
Is Heartbleed the Biggest Web Security Threat Ever?
By Barry Levine / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
APRIL
11
2014


Even as the Heartbleed bug that has infiltrated Web sites and threatened millions of users runs its course, its impact is being assessed. And, as the extent of the vulnerability increases, a question is whether Heartbleed has set a milestone in Web security threats.

On Monday, a critical vulnerability was made public in some versions of the encrypting technology OpenSSL, which is used by hundreds of thousands of Web sites. The vulnerability was apparently undetected for nearly two years, and hackers can exploit it without leaving any sign they did so.

OpenSSL uses SSL/TLS encryption for security and privacy in Web sites, e-mails, instant messaging and other applications. The vulnerability could allow a hacker to steal sensitive data, including user names, passwords, and the keys used to decode encrypted transmissions.

'Implementation Problem'

A fix has been released and is being implemented by many sites. According to The Heartbleed Bug site, the bug is not a design flaw in the SSL/TLS protocol spec, but rather is an "implementation problem, i.e., programming mistake in popular OpenSSL library that provides cryptographic services."

On Friday, Reuters news service reported on recent warnings from security experts that the bug may be greater than just Web servers. The reason is that the unpatched OpenSSL code is also used in some e-mail servers, users' computers, smartphones and firewalls. There are also reports that version 4.1.1 "Jelly Bean" of Google's open-source operating system, Android, also has the same vulnerability, which, if accurate, would magnify the problem by millions of smartphones.

Security expert Jeff Moss, for instance, told Reuters that he is waiting for an enterprise firewall patch from McAfee. Cisco, Intel and other major technology companies are reportedly reviewing their products now to see if they are affected by the vulnerability.

Given the extent of the vulnerability, one question is whether Heartbleed represents the biggest security threat yet for the Web.

'As Long as It's Fixed'

Lawrence Orans, vice president for research at industry research firm Gartner, told us that "the problem with Heartbleed is that the burden is on the consumer to change passwords on multiple Web sites." He added that "it's a bigger pain in the neck than upgrading to the next level of iOS. Most consumers won't change their passwords, but they will be at risk."

John Grady, program manager for security products at IDC, said that "any time there's a vulnerability this broad, its a huge deal because of the lack of awareness among many consumers relative to best practices for online safety." He noted that "there's always the risk that vulnerabilities like this are going to be discovered, but I don't think that this is going to open the floodgates." (continued...)

1  |  2  |  Next Page >

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY BE OF INTEREST
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN CYBERCRIME
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Who Is the Hacker Group Lizard Squad?
Are they dangerous or just obnoxious? That’s what many are wondering about the hacker group Lizard Squad, which tweeted out a bomb threat that grounded a flight with a Sony exec aboard.
 
Are Government Spies Tipping Off Tor?
Less than a month ago, tech news headlines heralded a Tor Project breach. Now, some are saying that government spies are sharing information with Tor to help it prevent future breaches.
 
Backoff Malware Hits 1,000+ Businesses, Likely More
More than 1,000 businesses across the U.S. might have been affected by Backoff, a new kind of point-of-sale (PoS) malware, according to the Department of Homeland Security.
 

Enterprise Hardware Spotlight
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 
Alert: HP Recalls 5 Million Notebook AC Power Cords
HP is recalling about 5.6 million notebook computer AC power cords in the U.S. and another 446,700 in Canada because of possible overheating, which can pose a fire and burn hazard.
 
Acer's New Desktop Box Rides the Chrome OS Wave
Filling out its Chrome OS line, Acer is following the introduction of a larger Chromebook line earlier this month with a new tiny $180 desktop Chromebox and also a smaller Chromebook.
 

Mobile Technology Spotlight
Apple Set To Release Largest iPad Ever
Tech giant Apple seems to have adopted the mantra “go big or go home.” The company is planning to introduce its largest iPad ever: a 12.9-inch behemoth that will dwarf its largest existing models.
 
Verizon Hops on the Voice-Over-LTE Bandwagon
Wireless provider Verizon is gearing up for a nationwide launch of its Voice-over-LTE service over the next several weeks, promising clearer and crisper phone calls and a Skype-like video service.
 
Smartphone 'Kill Switch' Law in California; Will Other States Follow?
California’s new law -- signed by Gov. Jerry Brown on Monday -- aimed at deterring cellphone theft could mean most mobile phones sold in the U.S. will soon include similar “kill-switch” tech.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.