What is Heartbleed and what's the damage?

by Eli

in The WM Blog

on 15 April 2014

Heartbleed is the unofficial, yet public name for a software vulnerability in a popular encryption library.

Whilst OpenSSL is supposed to protect sensitive data, it has, inadvertently, been harbouring a dangerous vulnerability that allows a malicious attacker to quite easily steal sensitive data. The level of data that could be obtained, would be straight from a server's memory - meaning passwords, communications, secret keys and... well you get the idea. The vulnerability was made public on April 7, and a fix has since been made available. All web hosts and companies are responsible for ensuring their servers are either patched with a fix, or have the latest version of Open SSL available. All customers of Webmaster Studios are safe from the exploit. But it should be stressed that a large chunk of the internet uses OpenSSL technology for encryption.

The damage caused won't be known for a while. Therein lies the problem. The server leaves no trace of such attacks and any victim wouldn't know they have been hacked until things really start to go wrong. How much has already been hacked is a mystery. The frightening aspect of the story is that this vulnerability has been present for the last 2 years. Except... the public didn't know about it. If criminal minds did know of this - then who knows what's been stolen and what hasn't. The extent of the damage won't be realised probably for a while.

What everyone can do now however, is ensure, that their servers/websites are patched and up to date. Ensure you have given yourselves new passwords across the board. It is standard IT practice to ensure passwords are regularly updated - for this very reason. Because security patches are always released, and there is always that threat. It becomes daunting memorising so many passwords, and perhaps a good strategy is to add a prefix or suffix to existing passwords - thereby, aiding memory.

Webmaster Studios is currently assisting various companies in performing security checks and ensuring sites and servers are protected.

News

Council Meeting Timer

Moving into the new Virtual Environment as a result of the covid pandemic has created a new way of working. We've create a simple digital clock to enable council meetings to run with a speaker timer, which can even be used in Zoom meetings.

Are Initial Coin Offerings (ICOs) Really That Complicated?

While there are highly diverse opinions about the worth and potential of this form of fundraising, one thing's for certain - ICOs have consistently proven to be a difficult concept to grasp for any person who's not particularly crypto or tech-savvy

Finalist for Individual Achievement - MAV Awards

Hobsons Bay City Council hosts a variety of system in order to deliver customer service excellence, and maintain the demanding needs of today’s system and process requirements.

Australasian Association For Engineering Education

Australasian Association for Engineering Education. AAEE (a technical society of Engineers Australia) is a professional association of academics, support staff, postgraduate students, librarians, professional engineers, and employers who all have vested interests in fostering excellence and innovation in engineering education.

Business on the Cloud

There's a lot of hype concerning "the cloud". A lot of the time, it is just that - "hype". But for many businesses, working on the cloud is the right solution. Tunnelling Solutions is one of these businesses.