Heartbleed Bug and Your Security
What To Expect For Web Design in 2014
January 28, 2014
Millions of Websites Down.. And How It Could Have Been Avoided With Disaster Recovery
April 17, 2014
By now you have probably heard about the “Heartbleed Bug” via various media announcements. The Heartbleed bug is a security vulnerability in OpenSSL cryptographic software library used to secure applications such as online banking, email, secure file transfers, and secure e-commerce transactions.
You will be pleased to know that ABORG was NOT affected by this bug as none of our servers were running the affected version of OpenSSL.
Security vulnerabilities open up on a regular bases – that is not news – it is a fact. A well maintained and administered server or personal computer is the most secure.
Security Best Practices Include:
- installing and updating an anti-virus program
- maintaining good firewall practices AND
- regular updates of software and security patches from the manufacturer will provide you with proactive, NOT reactive, security.
Encryption is a complex field – good practice is not. 🙂
On an interesting note, we have never seen a security vulnerability come out with its own website and branding (logo). The disclosure of this security issue was criticized by some vendors as well-packaged PR stunt by a security firm. Does anyone else find this rather odd if not intriguing? The news stories in main stream media paint slightly different pictures then IT security news.
It’s definitely not all hot air, the vulnerability is real but it could have had been handled much better by the industry instead of coming out as a fear mongering campaign that hurt a lot of large retailers and governments and created unnecessary panic for consumers. It’s definitely good for news business as it generates a lot more views by a concerned public. Another positive – users might become more vigilant and end up updating their passwords that never hurts.
However, we also foresee a flood of phishing emails related to Heartbleed bug claiming to have password reset links in them. Since there is no data or proof on how much data was lost during the vulnerability period, it’s quite possible to foresee more information stolen through scam and malicious activity that capitalizes on the news about the bug.
