Many big companies are still vulnerable to the biggest computer bug ever discovered, report says

Apr 7, 2015, 22:34 IST

The computer bug Heartbleed was discovered one year ago, but many companies and individuals are still seeing its effects, according to a new report released on Tuesday by security firm Venafi (via Fortune).
Heartbleed, which has been referred to as one of the biggest computer vulnerabilities ever discovered, was a critical flaw that enabled hackers to steal data that was considered secure, as well as the encryption keys. This meant that servers storing critical content like passwords, usernames, and other critical data were accessible to hackers that picked up on the vulnerability. Companies have had the last twelve months to completely fix the bug, but most have not, as Venafi discovered in its audit of 2000 Forbes Global companies affected by Heartbleed. "3 out of 4 Global 2000 with public-facing systems vulnerable to Heartbleed are still open to breach," the report said. This means only 416 companies have fully defended themselves against the havoc Heartbleed could wreak.

It's taking companies such a long time to react because the vulnerability is so fundamental that merely patching the problem wouldn't do the trick. At the time it was discovered, security experts said that a complete overhaul would be necessary to fix the problem. Beyond patches, all keys and certificates would need to be revoked then replaced.

Most companies have not done this. "Venafi has identified 580,000 hosts belonging to Global organizations that have not been completely remediated," writes the report. This means that although companies may have patched the problem (in fact, every company has), they haven't performed the second and third steps of revoking and replacing all of the necessary keys. These two tasks are necessary to fend off future attacks. "Failure to revoke the old certificate enables the attacker to use the old certificate in phishing campaigns against the organization and its customers," Venafi explains. In short, unless all bases are covered, attackers can still attack these companies and gain access to this private data.
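The three remediation steps described above (patch, revoke, replace keys) can be checked per host from a certificate inventory. The following is an added example, not code from the article or from Venafi's report; the record fields, host names, dates and key identifiers are constructed, and treating any key that appeared on a certificate issued before the patch date as exposed is an assumption.

```python
from datetime import date

def remediation_gaps(host):
    """List the remediation steps still outstanding for one host record."""
    patched_on = host["patched_on"]
    gaps = [] if patched_on else [("patch", None)]
    # Assumption: a key is exposed if any certificate carrying it was issued
    # before the patch date (or at all, while the host is still unpatched).
    exposed = {c["key_id"] for c in host["certs"]
               if patched_on is None or c["not_before"] < patched_on}
    for c in host["certs"]:
        if c["key_id"] not in exposed:
            continue
        if c["in_use"]:       # still serving a key that may have leaked
            gaps.append(("replace_key", c["serial"]))
        if not c["revoked"]:  # certificate remains usable by whoever holds the key
            gaps.append(("revoke", c["serial"]))
    return gaps

def cert(serial, key_id, not_before, revoked, in_use):
    """Build one constructed certificate record."""
    return dict(serial=serial, key_id=key_id, not_before=not_before,
                revoked=revoked, in_use=in_use)

PATCHED = date(2014, 4, 10)  # constructed patch date
INVENTORY = {                # constructed sample records
    "patched-only": {"patched_on": PATCHED, "certs": [
        cert("01", "key-a", date(2013, 6, 1), False, True)]},
    # Reissued after patching, but the new certificate reuses the old key.
    "reissued-same-key": {"patched_on": PATCHED, "certs": [
        cert("02", "key-b", date(2013, 6, 1), True, False),
        cert("03", "key-b", date(2014, 4, 15), False, True)]},
    # New key and certificate deployed, old certificate never revoked.
    "not-revoked": {"patched_on": PATCHED, "certs": [
        cert("04", "key-c", date(2013, 6, 1), False, False),
        cert("05", "key-d", date(2014, 4, 20), False, True)]},
    "complete": {"patched_on": PATCHED, "certs": [
        cert("06", "key-e", date(2013, 6, 1), True, False),
        cert("07", "key-f", date(2014, 4, 20), False, True)]},
}

if __name__ == "__main__":
    for name, host in INVENTORY.items():
        print(name, remediation_gaps(host) or "fully remediated")
```

The "reissued-same-key" record shows why a new certificate alone is not enough: the replacement still carries the key that was in service while the host was vulnerable.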
