Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia

  • 23 April 2014

The bug that keeps on giving

By John Leyden, 22 Apr 2014

Expunging the Heartbleed bug from vulnerable computers and gadgets is likely to take months, according to a leading vuln research firm. The cautionary assessment by Secunia comes as more and more products are judged to be vulnerable to the infamous OpenSSL security flaw.
 
Heartbleed most obviously affected secure web servers but also hit routers and other networking equipment, as well as a wide array of other enterprise technology.
And the bundling of the faulty OpenSSL library means applications vulnerable to Heartbleed include everything from VPN software to messaging and VoIP apps, among others. A large number of smartphones (specifically those running Android 4.1) are also on the danger list.
 
Kasper Lindgaard, Secunia head of research, told El Reg that other items vulnerable to Heartbleed include switches and servers.
 
The messy vulnerability disclosure process that went with the discovery of Heartbleed means "everybody is now playing catch-up", according to Lindgaard. Smaller vendors will have only a small number of products to deal with but for IT giants the process poses a huge challenge.
 
 
Full Article
 
Not sure which is scarier...the bug/flaw itself or the aftermath and how long they now think it will be around?
