Collective tips from ESET Researchers and White Hat Hackers on handling Heartbleed menace

24th April 2014 | By Mouseworld Now Correspondent |

BANGALORE, India – April 24, 2014: ESET, a leading provider of security solutions for businesses and consumers, has warned that the Heartbleed bug, which is causing widespread alarm, affects more than was feared and could affect billions of users, including websites, internet users, and smartphone users. The Heartbleed bug can be used to extract private SSL keys, and it allows malicious individuals to extract information invisibly during an encryption process. It affects the open-source encryption software OpenSSL, which is used on millions of web servers, and went undiscovered for more than two years.
In the recent past, the Heartbleed bug has affected at least 500,000 sites and millions of users through a small programming error made by a student, who has spoken of his regret at the incident. Any smartphone not protected by “enterprise grade” security may be at risk due to the apps.

Heartbleed’s ability to steal private keys raised the scope of Heartbleed considerably. Having access to these private keys means hackers can return through the window even after the Heartbleed exploit has been removed. Hackers only cease to have access to these keys once the server’s security certificates are all updated. This means fixing the bug may not solve the problems Heartbleed has created. Anyone possessing the private key can use it to host an impostor site that is virtually impossible for most end users to detect.

Two white-hat hackers were able to use Heartbleed to extract private keys in a competition set up by data security company CloudFlare. The bug, which has been active for at least two years, stemmed from errors introduced by a PhD student writing for the open-source company OpenSSL.

ESET Researchers and White Hat Hackers have come up with some collective recommendations to arrest the menace:

  •  Upgrade your OpenSSL servers to 1.0.1g, or recompile with -DOPENSSL_NO_HEARTBEATS
  •  Update your server’s security certificates
  •  Embedded devices using OpenSSL should also be upgraded to newer versions
  •  Always check server logs to keep a check on Heartbleed exploits
  •  Consequently, change the passwords of all the online services you use (Please note: this bug could steal passwords, credit card details and even encryption keys, without a trace)
  •  Change your password and don’t use ‘password’ as your new password
  •  Note that consumers using “desktop” browsers are more vulnerable when they visit websites that may be running bogus server code
  •  Download smartphone applications from authorized websites, as some apps were vulnerable to the Heartbleed bug
  •  Last but most important, everyone should reissue and revoke their private keys
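
As an added example (not from ESET or the original article), the Python below triages the output of `openssl version -a` against the first recommendation. It goes beyond the single version named in the list by covering the full upstream affected range (1.0.1 through 1.0.1f, and 1.0.2-beta1), recognises a build compiled with -DOPENSSL_NO_HEARTBEATS, and treats an old version string without that flag as needing a patch-level check, because distributions often backport fixes without changing the version. The host names and sample outputs are constructed.

```python
import re

# Matches the first line of `openssl version -a`, e.g. "OpenSSL 1.0.1e 11 Feb 2013".
_VERSION = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d+))?")
_NO_HEARTBEATS = "-DOPENSSL_NO_HEARTBEATS"


def upstream_affected(major, minor, fix, letter, beta):
    """True for upstream releases that shipped the Heartbleed bug."""
    if (major, minor, fix) == (1, 0, 1):
        return letter < "g"          # 1.0.1 and 1.0.1a-f; fixed in 1.0.1g
    if (major, minor, fix) == (1, 0, 2) and beta is not None:
        return int(beta) < 2         # 1.0.2-beta1; fixed in 1.0.2-beta2
    return False


def classify(version_a_output):
    """Triage the text printed by `openssl version -a`."""
    m = _VERSION.search(version_a_output)
    if not m:
        return "unknown"
    major, minor, fix = (int(m.group(i)) for i in (1, 2, 3))
    if not upstream_affected(major, minor, fix, m.group(4), m.group(5)):
        return "not-affected"
    # The "compiler:" line lists the build flags used for this library.
    for line in version_a_output.splitlines():
        if line.startswith("compiler:") and _NO_HEARTBEATS in line:
            return "heartbeats-disabled"
    # Distributions may backport the fix and keep the old version string,
    # so this result means "confirm the package patch level", not "exploitable".
    return "affected-unless-backported"


# Constructed sample outputs (not captured from real hosts).
SAMPLES = {
    "web01": "OpenSSL 1.0.1e 11 Feb 2013\ncompiler: gcc -DOPENSSL_THREADS -O2",
    "web02": "OpenSSL 1.0.1f 6 Jan 2014\ncompiler: gcc -O2 -DOPENSSL_NO_HEARTBEATS",
    "web03": "OpenSSL 1.0.1g 7 Apr 2014\ncompiler: gcc -O2",
    "web04": "OpenSSL 0.9.8y 5 Feb 2013\ncompiler: gcc -O2",
}

if __name__ == "__main__":
    for host, text in SAMPLES.items():
        print(f"{host}: {classify(text)}")
```

Feed it the output for the library the server process actually loads; the `openssl` command on the PATH may be a different build.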
