Computer security protocols
I am sure that most people have heard about the recent release of an Internet virus called HeartBleed. This exposes a flaw that would allow an attacker to essentially reverse encryption that for many years people have paid big dollars to use to keep their customers’ data secured. As I am sure that most all computer programmers have handled many calls in regard to this virus, and have had to drop everything in order to throw up patches onto web servers, test sites for vulnerabilities and deal with whatever other twists and turns might arise out of the process.
However, people have asked me why it matters to them if they do not use a secured sockets layer on their website that can be hijacked or have any sensitive data. Well, typically, when flaws like this are discovered the problem isn’t exactly the virus itself. In order for people to exploit these vulnerabilities they are going to need host (dummy) computers. These hackers need to go out and scan the Internet for unimportant websites that they can hack into. They use them to develop BotNets.
In order to crack the encryption on it could take months on your home computer. However, if you string together a pool of computers and have them all working together to crack the encryption, the process is much faster if you have 1,000 different computers all joined together to accomplish the task. It can be done in a couple of hours as opposed to a month or so. So you could also crack the encryption like that. HeartBleed essentially does just as it sounds, you keep pumping the socket for information by sending it a malformed request. This will essentially leak out the private key from memory. That can simply unlock the encryption.
So you need a little preventive care: Monitor your website regularly for anything that looks out of place and call a qualified developer immediately if you see a problem. Otherwise, you may run into a serious problem that can lead to a loss of everything on your web server.
- Most Popular
- Most Emailed