Access your Pro+ Content below.
Datacentre lessons learnt from Heartbleed bug
This article is part of the Computer Weekly issue of 13 May 2014
The Heartbleed bug, an OpenSSL cryptographic library flaw that allows attackers to steal sensitive information from remote servers and devices, affected nearly two-thirds of websites. Ever since the bug was made public, hardware, software and internet service providers have moved quickly to apply patches and advise customers to change passwords. But what datacentre lessons can be learnt from Heartbleed? Heartbleed was introduced to the OpenSSL code in December 2011, but the bug was only made public on 8 April 2014 after researchers at Google and Finnish security firm Codenomicon discovered that a coding flaw could enable hackers to access unencrypted data repeatedly from the memory of systems using vulnerable versions of OpenSSL. The bad news with the Heartbleed bug is that there is no data on the server than can be used to determine if you have or have not been compromised, said Erik Heidt, Gartner research director. This means response has to be fast, holistic and strategic. “Organisations that just apply the patch and do not ...
Access this CW+ Content for Free!
News in this issue
The Heartbleed bug, an OpenSSL flaw affecting millions of websites, has some lessons for datacentre providers and operators
With 50TB of machine-generated data produced daily and the need to process 100PB of data, eBay has an astronomic data challenge