Phishing Season Is Here – Do Your Employees Know What To Look For?
Tax season is one of the most active times of the year for cybercriminals – without the right IT security support, your business could be an easy...
1 min read
Last week, security researchers revealed details about a dangerous security flaw known as Heartbleed. The security flaw enables cybercriminals to access and steal data from compromised versions of OpenSSL, which is used to secure communications on many major websites on the Internet.
Since the vulnerability was disclosed, there’s been a lot of concern regarding what information can be stolen when the bug is exploited. When Security Watch conducted research to learn more, the results were alarming. According to researchers, a surprising amount of information, including login credentials and personal information, can be stolen by exploiting Heartbleed.
In addition, hackers may be able to steal the server’s private key, which is used to verify the following:
- The device is connecting to a real website.
- The information transferred is encrypted.
If the security flaw allows hackers to steal the server’s private key, the consequences are seriously concerning. Cybercriminals would be able to set up fake websites to intercept personal data, as well as decrypt encrypted network traffic.
Security Watch Puts Heartbleed to the Test!
Security Watch researchers were curious to see what type of information could be stolen by exploiting Heartbleed with a server running a vulnerable version of OpenSSL. During the test, researchers received information from the vulnerable server’s memory. After running tests for the entire day, Security Watch managed to collect a lot of information, including usernames, passwords, and session IDs.
According to one of the researchers, credentials can be stolen very easily and quickly, however, the request had to hit the server at the same time as someone logs in or interacts with the website, in order to steal personal information.
During a second test, researchers attempted to steal the private key from a vulnerable server. While it took hours and consumed a ton of bandwidth, the researchers were eventually successful at obtaining the private key.
For more details on Security Watch’s Test, visit http://securitywatch.pcmag.com/security/322691-heartbleed-is-scarily-easy-to-exploit. To learn more about Heartbleed, give us a call at {phone} or send us an email at {email}. {company} can help you informed regarding the latest security threats and how to protect your business.
Download our eBook
THE ULTIMATE ROADMAP TO CMMC COMPLIANCE
by filling out the form below!
Critical Crypto Flaw in Microsoft SChannel Affects All Windows Software: Patch Your Systems ASAP! Don’t Wait Until It’s Exploited!
A few months ago Heartbleed, apparently named after a James Bond villain, was a security bug that made headlines even in major, non-tech focused...
Microsoft Ends Support of SQL Server 2005.
Which version of SQL Server are you running? On April 12, 2016, Microsoft will cease support for its outdated SQL Server 2005. With over a decade in...
.png?width=288&height=123&name=Valeo-Logo-White%20(1).png){kind=logo}