CW+ Premium Content/Computer Weekly

13 May 2014

Datacentre lessons learnt from Heartbleed bug

The Heartbleed bug, an OpenSSL cryptographic library flaw that allows attackers to steal sensitive information from remote servers and devices, affected nearly two-thirds of websites. Ever since the bug was made public, hardware, software and internet service providers have moved quickly to apply patches and advise customers to change passwords. But what datacentre lessons can be learnt from Heartbleed?

Heartbleed was introduced to the OpenSSL code in December 2011, but the bug was only made public on 8 April 2014 after researchers at Google and Finnish security firm Codenomicon discovered that a coding flaw could enable hackers to access unencrypted data repeatedly from the memory of systems using vulnerable versions of OpenSSL.

The bad news with the Heartbleed bug is that there is no data on the server that can be used to determine if you have or have not been compromised, said Erik Heidt, Gartner research director. This means response has to be fast, holistic and strategic. “Organisations that just apply the patch and do not ...
