Heartbleed: Eight Tips and Strategies for Keeping Safe

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
Next Heartbleed: Eight Tips and Strategies for Keeping Safe-8 Next

Use two-factor authentication

This is a strong example of the need for time-sensitive two-factor authentication. Both pieces of authentication data may be stolen, but as long as one is time-based, it will be useless by the time anyone has a chance to do something with it.

One of the most dangerous IT security threats of all time emerged recently – a bug called Heartbleed, which quickly sent shockwaves throughout the entire industry.

As a result, Fortune 500 organizations have been racing to patch their networks before hackers exploit the vulnerability and steal important, private data. Consumers are also encouraged to change their passwords after the systems have been patched.

The vulnerability emerged from the open source software universe. It was exposed to the Internet before a patch was made available, technically making it a zero-day vulnerability, and forcing IT administrators and security analysts to respond as quickly as possible to a previously unknown threat.

OpenSSL provides encryption to services such as SSL and TLS, which are primarily used for securing Web application traffic and reducing the risk of someone stealing credentials or other sensitive data while in transit. The vulnerability arose from a simple programming error in certain releases of the OpenSSL library (1.0.1-1.0.1f). It's technically referred to as a Buffer Over Read in that once the exploit is successful, 64k of the server's memory 'leaks' and can then be viewed by an unauthorized party.

This is significant in that very sensitive data can be contained within the server's memory, which could include anything from usernames, passwords, account numbers, private keys, session tokens and much more. Successful exploitation of this vulnerability is also trivially easy to pull off, opening the door for many unskilled 'hackers' to gain access to sensitive, private information.

What's more, if secret keys are stolen, this can allow the attacker to man-in-the-middle any traffic destined for the application, allowing them to snoop on private and sensitive application interactions such as financial transactions.

Here are eight important tips and strategies to keep data safe, as identified by LogRhythm Labs.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

biometrics Biometrics: Moving Far Beyond Fingerprints

Biometrics are changing the way we think about security. Here are some of the more innovative ways biometrics are being used and what we can expect in the future. ...  More >>

Privacy rollback Security Pros Give Their Opinions on ISP Data Privacy Rollback

IT staff, organization leaders, and the average citizen have all expressed levels of concern over the FCC about-face in regard to ISP privacy. Here’s what the security experts say. ...  More >>

IT security skills 7 Top Skills for Security Pros

Executives at several top tech firms outline the skills they need now and in the near future, including IaaS and IoT security expertise. Other skills listed may surprise you. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.