pwarren
Apr 11, 2014

What does the Heartbleed bug affect beyond websites?

Once websites have fixed the vulnerability, will there be any ongoing problems as a result of the Heartbleed bug?

jimlynch
04/14/2014
Heartbleed
http://en.wikipedia.org/wiki/Heartbleed

"Heartbleed is a security bug in the open-source OpenSSL cryptography library, widely used to implement the Internet's Transport Layer Security (TLS) protocol. This vulnerability is due to a missing bounds check in the handling of the Transport Layer Security (TLS) heartbeat extension.[3] A fixed version of OpenSSL was released on April 7, 2014, at the same time as Heartbleed was publicly disclosed. At that time, some 17 percent (around half a million) of the Internet's secure web servers certified by trusted authorities were believed to be vulnerable to the attack, allowing theft of the servers' private keys and users' session cookies and passwords.[4][5][6][7][8] The Electronic Frontier Foundation,[9] Ars Technica,[10] and Bruce Schneier[11] all deemed the Heartbleed bug "catastrophic". Forbes cybersecurity columnist Joseph Steinberg wrote, "Some might argue that [Heartbleed] is the worst vulnerability found (at least in terms of its potential impact) since commercial traffic began to flow on the Internet."[12]

A United States Cabinet spokesman recommended that "People should take advice on changing passwords from the websites they use... Most websites have corrected the bug and are best placed to advise what action, if any, people need to take."[13] On the day of disclosure, the Tor Project advised anyone seeking "strong anonymity or privacy on the Internet" to "stay away from the Internet entirely for the next few days while things settle."[14]

Heartbleed is registered in the Common Vulnerabilities and Exposures system as CVE-2014-0160.[15] The federal Canadian Cyber Incident Response Centre issued a security bulletin advising system administrators about the bug.[16]"
mandril
04/11/2014

Aside from the fact that your information might be out there “in the wild,” there will be ramifications for some time to come. The same code is used in many email servers; who knows when those will all be patched? Some routers may also be vulnerable. This will be an issue for some time to come. You might like this article, which goes into it in greater depth. http://www.afr.com/p/technology/heartbleed_computer_bug_threat_spreads_u...
