Tuesday, April 8, 2014

Heartbleed Security Flaw Discovered

 A major weak point in OpenSSL, the open-source encryption technology used in a majority of Web servers, has been discovered. The flaw has been named “Heartbleed.” This flaw is concerned with secure sites that are labeled with an HTTPS. Usually these sites are where people input personal data such as names, credit card numbers, passwords, and addresses. The flaw was discovered by a Google researcher and an independent security firm from Finland called Codenomicon. The bug is said to have been the result of a minor coding error. This error however can affect so many users. The bug has been discovered by the researchers last week and the researchers have since published their findings. The bug however, has been present for around 2 years. This means that any exchange of information that has happened within the last two years could have been stolen. This specific flaw is not as easy to fix. This requires both the sites that have been affected and the users who visited and used the sites to take action. Most major websites have already taken action to secure their sites but there is still a lot to be done.
Cyber security is always being compromised today. There are always new bugs, viruses, etc. that are being discovered. The article discussed a vulnerability that is specifically threatening. It affects two-thirds of the websites today that have a secure site. It also affects all the individuals that have used these sites within the last two years. Tremendous amounts of information such as credit card numbers and other personal information can be stolen through the Heartbleed bug. As technology progresses and security increases there also seem to be more ways that also compromise security.
There are several things that can be questioned in this scenario. How was the error in coding made? Why was the bug not detected earlier? These are serious questions that need to be addressed so that in the future coding errors that could lead to such vulnerabilities will be prevented or detected earlier. Another question is whether or not this vulnerability has been discovered by other people that could use it to exploit the information they gathered. So many vulnerabilities and new viruses and bugs that are coming out make it imperative to improve security. Companies should develop ways in constantly checking security because new things come up. Companies should invest heavily in research about security because it affects not only their firms but more importantly their users. Data breaches can definitely reflect poorly on companies and cause their consumers to lose trust.
Cyber security is always being compromised. There are always new things that come out compromising security. Companies, service providers, servers, etc. need to monitor security constantly. New ways should be developed to detect errors and vulnerabilities earlier. Minor coding errors that could lead to huge data breaches should not be permitted to occur. Detection of such errors should be expedited. Cyber criminals are becoming more and more clever and sophisticated. Coding errors like this could be easily exploited by these criminals.


No comments:

Post a Comment