Some Devices May Never Recover From The Heartbleed Bug, Report Says
Business Insider
The Heartbleed bug affects OpenSSL, a popular data encryption standard used widely across the Internet.
OpenSSL is also used in the software that connects home and office devices to the Internet, and could live on for years in connected home devices and networking hardware because they're not updated very often, MIT Technology Review reports.
These devices can include cable boxes and Internet routers, Philip Lieberman, president of security firm Lieberman Software, said to MIT.
These types of devices often run a basic Web server that allows administrators to access control panels online. Often, these servers are secured with OpenSSL, meaning they'll need to be updated following the Heartbleed bug discovery.
The case is similar for many companies, MIT reports, since enterprise-ready network hardware and business automation systems also rely on OpenSSL. These devices are also rarely updated, according to MIT:
Large-scale scans of Internet addresses have previously uncovered hundreds of thousands of devices, ranging from IT equipment to traffic control systems, that are improperly configured or have not been updated to patch known flaws.
Jonathan Sander, strategy and research officer for STEALTHbits Technologies, made the following analogy in MIT's report, emphasizing how difficult it could be to track down every gadget affected by Heartbleed.
OpenSSL is like a faulty engine part that's been used in every make and model of car, golf cart and scooter.
Although the bug has just been uncovered days ago, it's unclear exactly how long it's been affecting OpenSSL. Mark Shloesser, a security researcher for IT security company Rapid7, told MIT that it may impact anything based on a version of OpenSSL that was created between now and December 2011.
The Heartbleed bug was discovered earlier this week by Google Security's Neel Mehta and a team of engineers at Codenomicon. The issue is particularly harmful because it can trick servers into spitting out huge chunks of data, which means user passwords, credit card numbers, and other types of sensitive information are at risk of being compromised. Users are being advised to change their passwords as a safety precaution.
- US buys 81 Soviet-era combat aircraft from Russia's ally costing on average less than $20,000 each, report says
- 2 states where home prices are falling because there are too many houses and not enough buyers
- A couple accidentally shipped their cat in an Amazon return package. It arrived safely 6 days later, hundreds of miles away.
- 9 health benefits of drinking sugarcane juice in summer
- 10 benefits of incorporating almond oil into your daily diet
- From heart health to detoxification: 10 reasons to eat beetroot
- Why did a NASA spacecraft suddenly start talking gibberish after more than 45 years of operation? What fixed it?
- ICICI Bank shares climb nearly 5% after Q4 earnings; mcap soars by ₹36,555.4 crore
- Nothing Phone (2a) blue edition launched
- JNK India IPO allotment date
- JioCinema New Plans
- Realme Narzo 70 Launched
- Apple Let Loose event
- Elon Musk Apology
- RIL cash flows
- Charlie Munger
- Feedbank IPO allotment
- Tata IPO allotment
- Most generous retirement plans
- Broadcom lays off
- Cibil Score vs Cibil Report
- Birla and Bajaj in top Richest
- Nestle Sept 2023 report
- India Equity Market