The Heartbleed Bug has affected websites, e-mails, and banking institutions utilizing open SSL/TLS encryption. As the story continues to unfold, IT security experts provide their thoughts on the one of the most significant internet security crises to date
· "[This] underlines the vulnerability of the username and password system as a method of authentication. Username and password is old technology that is not up to the standard required to secure the deep information and private services that we as individuals store and access online today." -- Brian Spector, CEO, CertiVox
· "Not all versions of OpenSSL are affected by the latest vulnerability. The 1.0.1 and 1.0.2-beta releases have the bug and a fix has already been implemented. This is one of the benefits of an open source software project. Changes are generally easier to detect and fixes tend to come quickly." -- Steve Pate, chief architect, HyTrust
· "Although we are just finding out about this vulnerability now, it has existed for over two years. That means attackers may have already exploited the vulnerability during that time, stealing passwords, payment card information and other sensitive data without the end-user or business even realizing...” -- John Miller, security research manager, Trustwave
In our previous blog, we mentioned that experts recommend users change the passwords for all of their online accounts to protect themselves from the consequences of the Heartbleed bug. But before changing your passwords for specific websites, first check to determine if you should first check that those sites have adopted the Heartbleed fix. Users can easily check if a site is secure by going to this website.
Dear readers, in this blog article we heard some expert opinions. Now, we are interested in your personal opinion! What do you think about the Heartbleed Bug and how did it affect you?
You must be registered in order to write comments. To register as a new user click here.
If you're already registered, please leave a comment here