Security Bug Even Worse Than First Believed

Security Bug Even Worse Than First Believed
Настя Ерёменко

Article by

Настя Ерёменко

Apr 13, 2014

When your computer accesses a website, the website will respond back to let your computer know that it is active and listening for your requests: this is the heartbeat.

The Heartbleed Internet security bug is shaping up to be worse than researchers first realized, possibly compromising routers and other networking infrastructure for a variety of companies.

Cisco, one of the world’s top networking equipment manufacturers, confirmed Thursday that it’s investigating dozens of its routers and video teleconferencing devices and software for the Heartbleed vulnerability. Juniper Networks, another top networking company, has also alerted clients some of its equipment has been compromised by Heartbleed. A message posted to Juniper’s service website Friday said many of its systems would be offline through Saturday while the company performs maintenance.

Heartbleed bug: What you need to know

Cisco and Juniper have warned that detecting and closing the Heartbleed vulnerability in their equipment won’t happen overnight, leaving the companies’ clients in a state of anxious limbo as they work to determine if any of their data has been compromised.

The Heartbleed vulnerability takes advantage of a flaw in OpenSSL, a free encryption protocol used by thousands of websites around the world to protect visitors’ sensitive data, such as usernames and passwords. Heartbleed essentially lets hackers get an undetectable look at the data transmitted between a user and a server after it’s been decrypted.

How to Protect yourself from the 'Heartbleed' Bug

Heartbleed was introduced to OpenSSL about two years ago, but only became public knowledge this week. That disclosure forced many companies to scramble to patch their code before hackers could take advantage of the flaw. Many experts first believed Heartbleed’s impact might be limited to web servers, but Cisco’s and Juniper’s announcements suggest the bug is much more widespread—and potentially catastrophic—than initially thought.

The Department of Homeland Security said Friday that public-facing federal websites aren’t affected by the Heartbleed vulnerability. The government is also “continuing to coordinate across agencies” to keep federal websites protected from the bug, DHS said.

Heartbleed Sheds Light on NSA's Use of Bugs

Comments (2)

You must Register or Login to post a comment

1000 Characters left

Copyright © GLBrain 2019. All rights reserved.