While the Coto de Caza's website does not appear to be susceptible to the HeartBleed bug, it uses obsolete security protocols
Posted By CotoBlogzz
Rancho Santa Margarita, CA – Qualys, a pioneer and leading provider of cloud security and compliance solutions, announced yesterday that its newly released tool can detect the OpenSSL HeartBleed vulnerability announced Monday, April 7, 2014.
Using the Qualys tool, the CZ Master Association’s website gets a grade of F. So does the website of its security company, Universal Protection (UPS).
Even if you have never heard of OpenSSL, more than likely it is a part of your life in one way or another. The Apache web server that powers more than 50% of the Internet’s web sites, for example, uses OpenSSL.
OpenSSL is an open-source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. While the Secure Sockets Layer (SSL) protocol is a standard for encrypted network communication, there is surprisingly little attention paid to how SSL is configured, given its widespread usage. SSL is relatively easy to use, but it does have its traps.
The HeartBleed bug was discovered and reported to the OpenSSL team by Neel Mehta of Google’s security team. OpenSSL released an emergency patch for the bug along with a Security Advisory yesterday.
“The HeartBleed vulnerability is easy to exploit and there are already many proof-of-concept tools available that one can use in minutes,” said Ivan Ristic, Director of Engineering at Qualys and renowned SSL technology expert, in a press release. “After a successful attack, the attacker can obtain a large chunk of server memory, which can contain server private keys, session keys, passwords and other sensitive data. IT administrators need to map their exposure and install the patched version wherever necessary.”