Posts Tagged ‘Heartbleed Bug’

Many Still Vulnerable to Heartbleed Bug

Friday, June 27th, 2014

 

You may remember that several months ago the IT security world was rocked by the exposure of the Heartbleed bug. The bug, which affects OpenSSL, exposed vulnerabilities in 600,000 servers, leaving account information and passwords vulnerable on thousands of websites. Users on websites including Facebook and eBay were encouraged to change their passwords and use different passwords on every site.

 

Soon after the discovery of the bug, a massive effort to patch vulnerable servers began. Within one month, nearly half of the 600,000 vulnerable servers had been patched, with 318,239 still vulnerable. Unfortunately, this rate has not held in the second month of knowledge of Heartbleed’s existence. Since the initial rush to patch in the first month, only about 9,000 servers have been patched, leaving 309,197 still unprotected.

 

The slowdown can be attributed to the initial rush by the big online players with the resources to patch their servers doing so as soon as possible. Smaller online companies, however, have not made the same efforts, and the number of servers being patched is expected to continue to decrease. Even though new, non-vulnerable servers are coming online, it is expected that many of these vulnerable servers will continue to function for a long time to come. It is for this reason to internet users should use different passwords for all their accounts. In addition, you can determine whether or not a website is vulnerable using this free checker from McAfee.

 

 

Heartbleed bug

 

About DHA Group, Inc.

DHA Group, Inc., headquartered in Washington, D.C., is an award-winning management consulting and contracting firm primarily serving federal civilian and defense agencies. DHA Group supports clients’ mission-critical work by delivering expert professional services. Since DHA Group’s 1994 founding, our ability to improve productivity, cost effectiveness and efficiency has contributed to significant corporate growth and earned us a reputation for quality, value and excellence. For more information about Government Makes Research Data Available, please visit us atwww.dha-inc.com or call 202-347-9865, or join the conversation on FacebookLinkedInTwitter or Google+.

Source

http://www.zdnet.com/heartbleed-over-300000-servers-still-exposed-7000030813/

 

Heartbleed Bug Information for Washington D.C. Internet Users

Friday, April 11th, 2014

Heartbleed bugIf you’ve been paying attention to the media lately, you’ve probably heard a lot about the Heartbleed Bug, but there’s a good chance that you haven’t actually learned a whole lot about it that makes sense. Media outlets tend to report in a way that is more confusing than anything. If you have an account on any social media or major website, you need to be aware of what the Heartbleed Bug affects as well as what precautions you can take against it.

What is the Heartbleed Bug?
This is a programming error that allows hackers to easily get past the OpenSSL Certificates that Internet pages use to keep information encrypted and safe. Basically, it allows people to easily steal usernames and passwords, thereby getting any and all information that they want. They can also pose as the company, sending out email under the company name and asking you to do things like change your password or other information. It’s important that you’re diligent in paying attention to what comes through your email. Don’t trust anything that isn’t directly on the website.

What information is being leaked as a result of the Heartbleed Bug?
First and foremost, encryption keys are being leaked. These are what makes the Heartbleed Bug so dangerous. It wouldn’t be such a big deal if people weren’t able to impersonate websites themselves. Usernames, passwords, content, and details are also being leaked. Obviously this is an issue for many websites. Some use a different kind of certificate and are protected and some have already started patching and using an upgraded version of OpenSSL that isn’t vulnerable; however, some websites are still vulnerable and you should be aware of this. For a list of websites and their current status in regards to the Heartbleed Bug, you can visit this website

How can I protect myself and my information?
Currently, changing your password is pretty useless in the whole scheme of things. Since the Heartbleed Bug hasn’t been entirely patched yet, your new password could easily be grabbed by the bug. Your best bet is to be careful about what information you put out on the Internet and take down anything you don’t want seen (i.e. credit card numbers, etc). If you’re going to change your password, change it to something strong using a combination of capital and lower case letters, numbers, and symbols.

You can’t protect yourself from everything that goes wrong with the Internet, but you can protect yourself from some things. Employing strong security measures will help protect you from things like viruses, malware, and spyware. Make sure you know how to protect your computer and your information.

DHA Group, Inc., headquartered in Washington, D.C., is an award-winning management consulting and contracting firm primarily serving federal civilian and defense agencies, such as the Department of Justice, including the Federal Bureau of Investigation; the U.S. Army; the Defense Logistics Agency; and the U.S. Patent and Trademark Office. DHA Group supports clients’ mission-critical work by delivering expert professional services, including program management, procurement and acquisition support, project and budget management, information assurance and cyber-security, information technology modernization and sustainment, data integration and information sharing, eDiscovery, systems engineering and business process reengineering. Since DHA Group’s 1994 founding, our ability to improve productivity, cost effectiveness and efficiency has contributed to significant corporate growth and earned us a reputation for quality, value and excellence. For more information about The Heartbleed Bug, please visit us at www.dha-inc.com or call 202-347-9865, or join the conversation on FacebookLinkedInTwitter or Google+.

Source: http://heartbleed.com/