Richard Adhikari

Heartbleed May Affect BYOD Devices

michaelsumastre
5/31/2014 9:04:23 PM
Re: New Code
@RichardA1!: You're damn right about that. If we want to end this type of security problem or at least send a very strong message to these well-oiled hackers, you need to be as strong and as fortified as they are--we need to let them know we KNOW what and how they're doing it. Of course, we really don't because we don't give priority and resources to it.

Anand
5/7/2014 8:12:13 AM
Re: New Code
I think many people are having a short-term control to the problem arising due to the Heartbleed vulnerability, but we have to agree that it is not that simple to solve this problem. But you should have this in your mind that OpenSSL is used by almost all websites around the world; it is also a library relied on by almost all networked software. I am still waiting to see the long-term solution of this problem.

RichardA1!
5/6/2014 3:45:29 PM
Re: New Code
Heh...Netcrawl...A military axiom holds that you need 10x as many troops to defend an installation (village, fort, town, whatever) as there are attackers - especially the hit-and-run type of raiders...which hackers are...the problem won't go away...

RichardA1!
5/6/2014 3:43:10 PM
Re: New Code
On the money there, Netcrawl...OpenSSL is a library...which means it has lots of code...that users can amend or just use...the good thing is that some of the large commercial companies are now beginning to throw some weight behind OpenSSL, though it remains to be seen just how much they contribute in terms of money and manpower...

Razia
5/6/2014 1:45:02 PM
Re: New Code
@Netcrawl. In fact it takes a while to put in the right patch. Most hackers exploit the intermediate time, when the bug is introduced and professionals are frantically working to protect the systems. Hackers have the initiative and reaction definitely comes time to plug in the loopholes. This happens every time we encounter such problems.

Netcrawl
5/5/2014 9:30:46 PM
Re: New Code
Thanks for that @Richard, for me it's a big deal because OpenSSL isn't just a piece of software, it's a library that every piece of networked software relies on, and used in nearly every server we might connect to - a huge mess.

RichardA1!
5/5/2014 10:50:40 AM
Re: New Code
Actually, NetCrawl, this problem will take years to resolve, some experts have told me. It's not always possible or feasible to update or patch a Website and every server needs to be checked...expect the mess to continue for a few years...

RichardA1!
5/5/2014 10:48:56 AM
Re: New Code
Right on the money, MobileSuze

RichardA1!
5/5/2014 10:48:08 AM
Re: New Code
Good point, MobileSuze. I'm including the URL to a blog by Matthew Green, a cryptographer and professor at Johns Hopkins University, who discusses Heartbleed and shows how to turn off the problem:

http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

RichardA1!
5/5/2014 10:45:05 AM
Re: New Code
This is always the problem, Tank; every time you change a line of code you have to take into account all the hooks and calls it makes...something people are not always aware of, which is why some software patches introduce new problems...
