Don’t Be Pestered by Security Vulnerabilities

Posted by Stefanie Kober Fri, 27 Mar 2015 11:31:00 GMT


An intersection. That’s all it takes for a skilled hacker to breach the security of a computer system and attain or tamper with information that was formerly off-limits.

Three elements must intersect for a computer security vulnerability to occur:
 

  1. A system must be susceptible to a flaw.
  2. An attacker must be able to access the flaw.
  3. The attacker must be capable of exploiting the flaw.


To exploit the flaw, the attacker must connect to a weakness in the system. If a vulnerability is successfully exploited, the attacker will have reduced the system’s information assurance; that is, the attacker will have tampered with the use, processing, storage or transmission of information within the system.

Here are three common types of computer security vulnerabilities and how they function:

Shellshock

What is it?
Also known as Bashdoor, Shellshock is a family of security bugs that allow attackers unauthorized access to computer systems.

How does it work?
Many web server deployments use Bash, the Unix shell and command-line interpreter that provides a user interface for the Unix operating system, to process certain requests. An attacker can use Shellshock to interfere with these requests and send out arbitrary, unauthorized commands, typically denials of service.

POODLE

What is it?
POODLE stands for “Padding Oracle On Downgraded Legacy Encryption.” It is a type of man-in-the-middle attack, meaning that the attacker has the ability to monitor and alter messages in a communication channel.

How does it work?
POODLE attacks take advantage of websites and software using SSL 3.0. Once an attacker exploits a system’s vulnerability, they must make, on average, 256 SSL 3.0 requests to expose one byte of encrypted data. 

Heartbleed

What is it?
The Heartbleed bug arises from improper input validation in the implementation of the Transport Layer Security (TLS) heartbeat extension.

How does it work?
This type of vulnerability is known as a buffer over-read, an anomaly that occurs when a program reading data from a buffer runs past the buffer’s boundary. With the Heartbleed bug, the program will extend beyond a buffer’s boundary and read any other information available in the program’s adjacent memory. In short, Heartbleed allows attackers access to more information than permitted.
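
The over-read described above, reduced to a small C illustration that is added here and is not code from the original post or from any TLS library. The `memory` array, the function names and the simplified three-byte header (type plus two-byte length, no padding) are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for process memory: one received heartbeat request,
 * followed directly by unrelated data that must never leave the process. */
#define RECORD_LEN 8 /* bytes actually received: type + 2-byte length + 5 payload */
static const uint8_t memory[24] = {
    0x01, 0x00, 0x10,             /* type = request, CLAIMED payload length = 16 */
    'h', 'e', 'l', 'l', 'o',      /* real payload: only 5 bytes */
    'S', 'E', 'C', 'R', 'E', 'T', '-', 'K', 'E', 'Y', '-', 'D', 'A', 'T', 'A', '!'
};

/* Flawed handler: echoes as many bytes as the request claims to carry. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    (void)rec_len;                               /* received size is never consulted */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > cap) return 0;                 /* protects only our own output buffer */
    memcpy(out, rec + 3, claimed);               /* reads past the record: over-read */
    return claimed;
}

/* Validated handler: the claimed length must fit inside what actually arrived. */
size_t echo_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t cap)
{
    if (rec_len < 3) return 0;                   /* too short to hold a header */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - 3 || claimed > cap) return 0; /* discard silently */
    memcpy(out, rec + 3, claimed);
    return claimed;
}

int main(void)
{
    uint8_t out[64];
    size_t n = echo_unchecked(memory, RECORD_LEN, out, sizeof out);
    printf("unchecked echoed %zu bytes: %.*s\n", n, (int)n, (const char *)out);
    n = echo_checked(memory, RECORD_LEN, out, sizeof out);
    printf("checked echoed %zu bytes\n", n);
    return 0;
}
```

The unchecked handler returns the 5 real payload bytes plus 11 bytes of the neighbouring data; the checked handler drops the same request because its length field exceeds what was received.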

Bug Repellent
In order to repel these bugs from your system, make sure that your software is up to date and that your system is operating under the highest security standards.

HOB RD VPN employs secure SSL security measures and has received the Common Criteria EAL 4+ certification from the German Federal Office for Information Security. This prime example of “IT Security Made in Germany” can act as bug repellent for your system, ensuring that your operations can continue free from the looming threat of security exploitations.
 
