Protect Your Assets

Heartbleed still causing heartburn

markpainter ‎05-22-2014 07:34 AM - edited ‎07-06-2015 01:13 PM

I recently estimated that within three weeks of the release of the Heartbleed security vulnerability, roughly 70 percent of organizations would have it resolved. It’s a good thing I wasn’t in Vegas when I made that prediction because I’d have lost that bet. Roughly six weeks later, over half still haven’t corrected the problem. Some organizations simply might not need to implement the fix (or at least think they don’t) because the data does not require protection. Some might not be aware they are vulnerable. Some might no longer support that implementation. But I suspect for most of the laggards, the complexity of their implementations is slowing down the fix rate, and that it’s not a lack of desire. Here are a couple of examples that show the true scope of implementing the fix. And of course, they just happen to reflect critical infrastructure.

 

This is a very perilous time for organizations that are vulnerable, as knowledge of the attack is widespread and affected sites are actively being hunted. It’s a dangerous time for users, too. A recent survey found that 47 percent of people who heard of Heartbleed and knew of the danger still haven’t changed passwords. It’s counterintuitive, but this is actually an instance when laziness is not necessarily a bad thing. If the fix hasn’t been implemented, then changing your password does no good. In fact, it could do harm by revealing your new password.

 

There is no doubt users are eventually going to be tasked with having to protect themselves to a much larger extent than they do now. That job becomes much harder, though, when timing needs to be part of the decision. The waiting really is the hardest part. And when corporations and security experts can’t agree about what users should do, it becomes that much more confusing. For my part, I changed all my passwords upon release of the vulnerability, and have been doing so again as each impacted site releases its fix information. Put simply, we’ve got a long way to go before we are out of the woods on this one. Stay tuned.
