Blog

Heartbleed Flaw Not a Conspiracy

Posted by:

Come on We Know You Want to SHARE

New research has shown that the “Heartbleed” flaw probably wasn’t known of before it was made public.

These findings lay to rest conspiracy theories that US government agencies had played a part and that they had been using the weakness for surveillance purposes.

The paper, published by researchers from various universities, showed that attacks using the vulnerability exposed by Heartbleed didn’t take place till after it had been announced.

Over 700 sources used the information to then attack computers with older versions of OpenSSL. These attacks in some cases leaked data from servers, making log-in details and other private information no longer secure.

The researchers used network traffic reports from the National Energy Research Scientific Computing Center, Lawrence Berkeley National Laboratory and Amazon’s EC2 network to look at how many attacks were made, when they took place and where they originated.

It took 21 hours and 29 minutes for the first attack after the Heartbleed information was disclosed publicly on April 7th, 2014.

Over 200,000 network hosts, weeks after the attacks, had not yet patched their systems to protect against further abuse. This brings to light the ineffectiveness of communications regarding issues such as these and the lax approach of some network administrators.

Click to see the study.

0


About the Author

# #