Some Devices May Never Recover From The Heartbleed Bug, Report Says
Business Insider
The Heartbleed bug affects OpenSSL, a popular data encryption standard used widely across the Internet.
OpenSSL is also used in the software that connects home and office devices to the Internet, and the bug could live on for years in connected home devices and networking hardware because they're not updated very often, MIT Technology Review reports.
These devices can include cable boxes and Internet routers, Philip Lieberman, president of security firm Lieberman Software, said to MIT.
These types of devices often run a basic Web server that allows administrators to access control panels online. Often, these servers are secured with OpenSSL, meaning they'll need to be updated following the Heartbleed bug discovery.
The case is similar for many companies, MIT reports, since enterprise-ready network hardware and business automation systems also rely on OpenSSL. These devices are also rarely updated, according to MIT:
"Large-scale scans of Internet addresses have previously uncovered hundreds of thousands of devices, ranging from IT equipment to traffic control systems, that are improperly configured or have not been updated to patch known flaws."
Jonathan Sander, strategy and research officer for STEALTHbits Technologies, made the following analogy in MIT's report, emphasizing how difficult it could be to track down every gadget affected by Heartbleed:
"OpenSSL is like a faulty engine part that's been used in every make and model of car, golf cart and scooter."
Although the bug was uncovered just days ago, it's unclear exactly how long it has been affecting OpenSSL. Mark Schloesser, a security researcher for IT security company Rapid7, told MIT that it may impact anything based on a version of OpenSSL that was created between December 2011 and now.
The Heartbleed bug was discovered earlier this week by Google Security's Neel Mehta and a team of engineers at Codenomicon. The issue is particularly harmful because it can trick servers into spitting out huge chunks of data, which means user passwords, credit card numbers, and other types of sensitive information are at risk of being compromised. Users are being advised to change their passwords as a safety precaution.