Why Does My Linux HeartBleed?


If you thought that HeartBleed was the worst thing that could happen in the cyber world, you had better think twice. Why? Because we thought that Linux was supposed to be the cyber land of the free. Wrong again. There is a HeartBleed version designed especially for the Linux world.

This vulnerability has a very nice and appropriate name. It is called ShellShock. Compared to it, our good old HeartBleed seems like a kid’s toy. If you are after full and unprecedented control, then ShellShock is the right hacking thing for you. With this one you get both worst-case scenarios.

Not only the keys to all the rooms of your house, but also the remote controls for all of your devices. So, where should we go next? Both Windows and Linux are seriously compromised. The only things left “untouched” are the mobile platforms, such as Android, iOS and Windows Phone. Is this enough?

How long before our mobile heart begins to bleed here as well? How long before we experience the new mobile shock within or outside the shell? Can we fight the future for a change, at least once? How hard could it be? Otherwise, the only reasonable remaining option for us would be to go back to the caves.

Heartbleed’s Heartrate


Here are some extremely disturbing Heartbleed-related statistics. Nowadays, the Heartbleed hackers attack 3,47 times per second. So what, one may say? Well, the trouble with the Heartbleed curve is that this menace has become an inevitable race against time, with very poor odds in your favor.

Although the time gaps and discreetly opened doors are left open and undefended for a very short period, this is more than enough for highly skilled hackers. Before you are able to come up with the life-saving update or patch, you can rest assured that your heart has already bled.

And there is not much you can do about this one. You are doomed to race against the single second of time you have to identify and eliminate a certain security flaw. Now you see the whole picture. Now you realize why it is hard to deal with the Heartbleed security threat adequately.

After this amusing but slightly useless lecture, you may ask yourself: what can we really do about it? Maybe the smartest and easiest solution would be to make one of the former heartbleeders bleed for us, for a change. Otherwise, it is highly unlikely that we will win the one-second race. For now.

The Heartbleed Can’t Stop Bleeding


Does it really have to be this way? Once you get a visit from a serious cyber threat, you always have to be on alert. Why can't we do it this way? We have identified a new security menace. We will find a cure for it. Now, let us forget about it and get back to our work, with no fear that a certain malware can trouble us in the future.

Unfortunately, we have to accept the bitter IT destiny. Every now and then, the notorious Heartbleed reminds us that it is far from retiring. How much more do we have to bleed to be finally free from Heartbleed, once and for all? It seems that we need more unpleasant reminders, such as this one.

For what it is worth, the Chinese Heartbleed warriors are responsible for the unparalleled theft of more than 4,5 million patients' personal data from one of the largest US hospital chains. Can you imagine that? It is almost like a small state. Now they can do whatever they want with it, with no limitations.

When you hear or read something like this, it makes you wonder. What is happening with all those busy little IT security bees in large systems? Have they forgotten to do their job? Or maybe they think that things like this happen to someone else and pass them by? We are sick and tired of Heartbleed. How about you?

The Heartbleed Still Bleeds


Just when you thought that we were done with the Heartbleed threat, there is some bad news to spoil the mood. As you remember, this was the most serious OpenSSL vulnerability we have ever seen. The funny thing about it, though, is that we had 600,000 servers potentially jeopardized at the beginning of this unusual crisis. What is the situation right now?

Well, for what it is worth, two months after the bug was discovered, we still have more than 300,000 servers left with no appropriate protection. We had two months to deal with this trouble. And what have we done? We only cut it in half. This is a fantastic example of how seriously we treat our security. We are being ironic on this one. We hope that is obvious.

The trouble with the curve in this matter is that knowing about a potential security threat is not enough to eliminate it quickly and efficiently. How much more time do we need to eliminate Heartbleed completely? Two more months, or maybe two more years? Yes, our dear friends, this is the reality we are living in.

Heartbleed still bleeds, and there is nothing we can do about it. Or can we? It seems that the pressure was not strong enough to make IT security experts do something serious and quick about it. Or maybe we are exaggerating. Maybe it is too much to ask when demanding that 600,000 servers be cleaned in 6 weeks. Either way, we lose, for sure.