Skip to main content
  1. Home
  2. Computing
  3. News

People should ‘Stop all transactions for a few days,’ due to Heartbleed, security exec says

By
netcraft heartbleed browser extension google chrome opera firefox 34
Image used with permission by copyright holder

We’ve seen some pretty scary quotes from Web security and cloud services experts regarding the Heartbleed flaw in OpenSSL. Heartbleed allows hackers to steal a potential treasure trove of data, including user names, passwords, emails, credit card numbers and more, without being detected by exploiting a flaw in the OpenSSL data encryption service used by many websites around the world. However, to this point, the quote offered by Mike Lloyd, who is the CTO of RedSeal, a network security firm, might be the most frightening of them all.

“Stop all transactions for a few days,” Lloyd said of the Heartbleed bug, which was recently uncovered by a team of researchers, despite the fact that it has existed for roughly two years.

Recommended Videos

Lloyd also states that “automation” is the key to combating threats like Heartbleed, as he wrote in an official RedSeal blog post.

“What you need is automation – not just vulnerability scanning (which can find those unpatched machines), but also a pre-built map, and a way to automate and speed up the query for “where are these machines suffering from Heartbleed, and what are they exposed to?”. Wise organizations plan for this – we know it’s going to happen again.”

MORE: How to check if your favorite websites are vulnerable to the Heartbleed bug

That’s what makes dealing with the realities of Heartbleed so frustrating. Aside from changing passwords and avoiding websites that are allegedly affected by Heartbleed, the average person is largely powerless when it comes to dealing with the threat. This isn’t a fire that can be snuffed out by employing the latest and greatest malware and anti-virus scanners, considering that this isn’t malware, but a gaping hole in the encryption service used by many of the world’s websites. It’s on individual companies, organizations, and governments to switch to a version of OpenSSL that doesn’t contain the Heartbleed flaw.

MORE: Here’s a list of websites allegedly affected by the Heartbleed bug (Updated)

Fortunately, to this point, more than a few household name websites that were once vulnerable or suspected of being susceptible to Heartbleed, have since reportedly been patched. These include Yahoo, Google, Dropbox and others.

However, Lloyd’s warning shouldn’t go unheeded. After all, Canada has put a stop to online tax payments for the time being in light of the Heartbleed revelation, and we can’t help but wonder if other governments, companies and organizations will follow suit soon.

What do you think? Sound off in the comments below.

Image credit: http://wallpaperswide.com

Topics
Konrad Krawczyk
Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
How the Blue Screen of Death became your PC’s grim reaper
The Blue Screen of Death seen on a laptop.

There's nothing more startling than your PC suddenly locking up and crashing to a Blue Screen of Death. Otherwise known as a Blue Screen, BSOD, or within the walls of Microsoft, a bug check screen, the Blue Screen of Death is as iconic as it is infamous. Blue Screen of Death is not a proper noun, but I'm going to treat it like one. It's what you were met with during crashes on Intel's 14th-gen CPUs, and it littered airport terminals during the recent CrowdStrike outage.

Everyone knows that a Blue Screen is bad news -- tack on "of Death" to that, and the point is only clearer. It's a sign that something catastrophic has happened, so much so that the operating system can't recover, and it needs to reboot your PC in order to save it. The Blue Screen of Death we know today, fit with its frowning emoticon, is a relatively new development in the history of Windows.

Read more
The performance downgrade made to the M4 Pro that no one is talking about
Someone using a MacBook Pro M4.

I've spent this whole week testing the new M4 chip, specifically the M4 Pro in both the Mac mini and 16-inch MacBook Pro. They are fantastic, impressive chips, but in my testing, I noticed something pretty surprising about the way they run that I haven't seen others talk much about. I'm talking about the pretty significant change Apple made in this generation to power modes.

First off, Apple has extended the different power modes to the "Pro" level chips for the first time, having kept it as an exclusive for Max in the past. The three power modes, found in System Settings, are the following: Low Power, Automatic, and High Power. The interesting thing, however, is that in my testing, the Low Power drops performance far more this time around.

Read more
Fortnite PC performance: best settings, fps boost, and more
Fortnite man.

Chapter 2 Remix of Fortnite is in full swing, and as you're exploring everything that's new, there's no better time to refresh yourself on the best settings to use for your PC. After all, with higher frame rates come better reaction times for you, giving you a chance of getting that shot off before your opponent, which can sometimes make all the difference.

Fortnite is a slightly more demanding esport than some of its older rivals, but that just means there's more scope for performance improvements if you select the right settings. Here are the most important performance-enhancing tweaks you can make to Fortnite.
The best settings for Fortnite

Read more