"Heartbleed" exposes millions of online passwords
Passwords, other data exposed to potential theft by "Heartbleed" security flaw
By Michael Liedtke and Anick Jesdanun, AP Technology Writers | Associated Press – 21 hours ago
Most Web page
access uses HTTPS or SSL - as the encrypted tunnel for secured access.
If SSL tunnel can be broken into and the key to encrypt and decrypt the data can be stolen, then what other security techniques to protect and ensure Web secured access?
If SSL tunnel can be broken into and the key to encrypt and decrypt the data can be stolen, then what other security techniques to protect and ensure Web secured access?
All eTransactions, eCommerce uses predominantly HTTPS or SSL with Digital Cert and key exchange - so now is Internet eTransaction that uses HTTPS or SSL safe?
SSL VPN is
supposed to be used as a security tool to allow remote users to access
corporate network & server resources securely.
With Heartbleed, SSL VPN now
become a conduit for hackers to hack into the corporate and network resources.
SSL is also
used to remotely but securely manage and access network devices.
The secured
conduit for administrator and users to access corporate network which is also a
shield to protect internal resource has now now become a conduit and a spear
for hackers to attack directly at the heart of the corporate resource.
What an
irony – no wonder Heart can Bleed.
This security
breach is by far the most damaging that hit at the supposed secured mechanism
and turn it into a weapon to attack the system it supposed to protect.
No comments:
Post a Comment