Heartbleed Bug Still Remains a Threat for Unsecured Networks

April 11, 2016 | By Editor 

In April 2014, a security vulnerability rocked the internet community by exposing secret keys and affecting millions of computers worldwide. The CVE-2014-0160 bug affected the OpenSSL cryptographic software library – an open-source platform that, in its own words, “provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.” The risk was judged so great that experts estimated one in every five web servers on the internet was vulnerable to the attack when it was first discovered.

Word about the bug’s intensity and impact on the internet became so widespread that it earned a memorable moniker, Heartbleed, and a logo depicting a maimed heart dripping blood.

In the months that followed, IT companies released patches to stop Heartbleed from affecting computers and to thwart hackers from compromising sensitive data. However, two years after Heartbleed’s peak notoriety, the vulnerability still appears to pose a danger to corporate networks and individual computers.

Security experts at Comodo Threat Research Labs have found that many organizations, instead of submitting new certificate signing requests (CSRs), are still using the key requests they used at the time the Heartbleed attack first became known – or, even worse, requests that date back as far as 2007. In their hurry to obtain SSL certificates for their websites, many corporations, including some listed among the Global 2000, assume that they are safe from the Heartbleed vulnerability simply because it has been patched successfully.

Their assumption is not entirely wrong; however, every network requires an extensive, system-specific audit and remediation effort to purge Heartbleed completely from its environment. The bug remains a risk if compromised, unsecured, or out-of-date resources are brought back online without the patch applied.
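The audit gap the two paragraphs above describe is a certificate that was re-issued after patching but still wraps the private key that was exposed on the unpatched server. The script below, an added example that is not code from the original article or from Comodo, demonstrates the check a remediation audit should run: compare the public-key fingerprint of the certificate now being served against the fingerprint of the pre-remediation private key, and treat a match as a failed re-key. It assumes the openssl CLI is installed; every key and certificate it uses is constructed on the fly in a temporary directory as sample data, and the `example.test` subject name is a placeholder.

```shell
#!/bin/sh
# Added example, not code from the original article or from Comodo.
# Audit helper: detect a "re-issued but not re-keyed" certificate.
# Assumes the openssl CLI is installed; all keys and certificates below
# are constructed on the fly as sample data.
set -eu

# SHA-256 fingerprint of the DER SubjectPublicKeyInfo derived from a private key
spki_fp_from_key() {
    openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Same fingerprint, taken from the public key embedded in a certificate
spki_fp_from_cert() {
    openssl x509 -in "$1" -pubkey -noout \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit status 0 if the certificate ($1) still carries the public half of the old key ($2)
key_reused() {
    if [ "$(spki_fp_from_cert "$1")" = "$(spki_fp_from_key "$2")" ]; then
        return 0
    fi
    return 1
}

# Year from the certificate's notBefore field. notBefore dates the certificate,
# not the key: a 2016 certificate can still wrap a 2007 key, which is why the
# fingerprint comparison above is the check that actually matters.
cert_not_before_year() {
    openssl x509 -in "$1" -noout -startdate | sed 's/^notBefore=//' | awk '{print $4}'
}

# Conservative flag: a certificate issued in 2014 or earlier overlaps or predates
# the Heartbleed disclosure window and deserves manual review regardless.
cert_predates_heartbleed_fix() {
    if [ "$(cert_not_before_year "$1")" -le 2014 ]; then
        return 0
    fi
    return 1
}

# Build constructed sample material: one "old" key that lived on the server
# during the vulnerable window, a certificate re-issued on that same key, and
# a certificate issued on a freshly generated key.
make_demo_material() {
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/old.key" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/new.key" 2>/dev/null
    # Bad remediation: new CSR and certificate, same old private key
    openssl req -new -x509 -key "$dir/old.key" -subj "/CN=example.test" -days 30 \
        -out "$dir/reissued.crt" 2>/dev/null
    # Good remediation: new private key, new CSR, new certificate
    openssl req -new -x509 -key "$dir/new.key" -subj "/CN=example.test" -days 30 \
        -out "$dir/rekeyed.crt" 2>/dev/null
    echo "$dir"
}

# $1 = certificate now served, $2 = private key that was in use before remediation
audit() {
    if key_reused "$1" "$2"; then
        echo "FAIL: $1 still uses pre-remediation key $2 (re-issued, not re-keyed)"
    else
        echo "OK:   $1 uses a key different from $2"
    fi
}

DEMO_DIR=$(make_demo_material)
trap 'rm -rf "$DEMO_DIR"' EXIT
audit "$DEMO_DIR/reissued.crt" "$DEMO_DIR/old.key"
audit "$DEMO_DIR/rekeyed.crt" "$DEMO_DIR/old.key"
```

In a real audit the "old key" side comes from the key files (or their recorded SPKI fingerprints) that were present on hosts before patching, and the certificate side from what each host actually serves; a fingerprint match means the CSR was generated from the exposed key and the certificate must be revoked and re-issued on a new key.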

Comodo lab researchers have found that many internet-facing systems in their clients’ networks are still diagnosed with Heartbleed when vulnerability and penetration tests are carried out, and this clientele includes Fortune 100 companies with touted IT departments.

Security flaws like Shellshock, Heartbleed and Stagefright were defining moments for the security industry that unearthed the lacklustre state of security infrastructure and the use of security tools across the internet community, especially the corporate sector.

In recent years, vulnerabilities like these have affected not only small and mid-size online businesses but also widely trusted storefront websites and applications belonging to large companies such as Gmail, Yahoo!, Minecraft and Intuit TurboTax.


Posted in SSL
