The “heartbleed” bug recently discovered is the type of bug that security experts often discuss within the context of doomsday scenarios but truly never want to experience. The bug isn’t platformed specific; e.g. Patch Tuesday – Windows “fixes”; this bug targets the very fabric of secure communications across the Internet and all of those “things” that communicate across it.
The flaw at its very fundamental level steals information from SSL/TLS encrypted communications which is a core security requirement that all business and security executives agree upon without lengthy discussion – think of it as us breathing – essentially an action that is critical to our nature but we don’t consciously think about.
So, how does this new Internet bug impact businesses, consumers, and the average Internet user? Well in the simplest of terms; passwords, credit card information, private communications, intellectual property discussions, and personally identifiable information to name a few could be available for nefarious actors due to this most recent exploit discovery.
This bug is massive in scope and is no longer a fictional doomsday scenario contained within the boundaries of security pontificators. This is real, this is happening now – and as I write this I am overwhelmed by how many family members I will need to help convince to change their password for on-line mail, preferred shopping sites, etc. I can only imagine how CISO’s are feeling this morning around their Internet-connected ecosystem they thought was secure just a few days ago – may very well be exposed from an attack vector they thought was a foundational security protection layer.
Don’t miss a post! Subscribe to The Insider Threat Security Blog here:
Jonathan Sander is STEALTHbits’ Chief Technology Officer (CTO). As CTO, he is responsible for driving technical innovation, ensuring that STEALTHbits is well positioned in their current and emerging markets, and he will also lead corporate development efforts. Jonathan also plays the role of evangelist at STEALTHbits venues large and small. Prior to STEALTHbits, Jonathan was VP of Product Strategy for Lieberman Software.
As part of Quest Software from 1999 through 2013, he worked with the security and ITSM portfolios. He helped launch Quest’s IAM solutions, directing all business development and product strategy efforts. Previous to that, Mr. Sander was a consultant at Platinum Technology focusing on the security, access control and SSO solutions. He graduated from Fordham University with a degree in Philosophy.