Talk of the Heartbleed bug these days is usually reserved yesteryear’s memories, the threat long forgotten and assumed outdated by our superior modern technology. However, recent research, as discussed by Bloomberg, shows a very different story.
Heartbleed was that memory-handling flaw in OpenSSL software uncovered in April that allows small bits of data in each “heartbeat” to be revealed. This can give attackers with the right know-how access to secret keys protecting user names, passwords and other digital data. Once obtained, an attacker can hack deep into an enterprise’s network to cause even more damage. An estimated two thirds of all websites were said to be vulnerable.
The recent research has discovered that simply many companies have been lax in their implementation of the necessary patches and software updates. Some did not take action for more than a week after discovery, leaving ample time for an attacker to do much damage. According to Venafi Inc, more than half of the Forbes Global 2000 list of the most profitable companies have servers not fully protected.
Legal Risk Factor Beneath Ripple’s Lawsuit from SECGo to article >>
The most recent high profile case was that of Community Health, where Chinese hackers obtained information of 4.5 million patients by exploiting their Heartlbleed vulnerability.
Bitcoin, which is especially susceptible to hacking and theft, is made even more vulnerable by the bug. Several exchanges and wallet companies took precautionary measures immediately after news of the threat broke.