In recent days, the discovery of a flaw in internet security called “Heartbleed” has raised concerns over the safety of data transmitted over the internet.
According to a website established by the coders who discovered the bug, this is a serious security concern that dates back to 2011 and exploits a gap in SSL, one of the most commonly used encryption methods.
“For those service providers who are affected this is a good opportunity to upgrade security strength of the secret keys used,” the site reads. “Although this is painful for the security community, we can rest assured that infrastructure of the cyber criminals and their secrets have been exposed as well.”
What’s dangerous about this flaw is that it could allow outside attackers to randomly access a server and download chunks of memory at units of 64K at a time, including sensitive financial information. What’s more, they can do so without a leaving any trace of their activity, representing a major IT risk.
The software experts from Codenomicon suggest that this can be used as a learning experience in order to lead to better security procedures where situations like this are concerned.
While the bug has been accounted for by major online services such as Google and Facebook, Reuters reports that other companies including Cisco could be vulnerable as well.
Network management can be a more difficult task when such hazards exist and make even the most familiar systems suspect to damage. Even though there seem to have been some steps made to recover from this problem, CNET reports a list of websites that may have been affected, according to the test provided by Qualys, and several clients could still be vulnerable. This is important to consider when reviewing potential partners and customers and identifying possible risks.
