The Heartbleed OpenSSL bug will continue to work silently for a long time, according to a few companies that specialize in security. The serious Heartbleed bug was discovered nearly a month ago and is destined to be talked about for a long time. The main channels of digital information have already partially forgotten about Heartbleed; as in other media, the appeal of breaking news does not last long. The bug, however, will still be present and working in the coming months.
Heartbleed: A Problem from the Common User to the Enterprise Sector
The first question to be addressed concerns the owners of devices, such as tablets and smartphones, that cannot be updated on the user side: OpenSSL is built into millions of devices, apps and systems around the world. When a vulnerability on such a wide scale is discovered and is fixed by updating the firmware, a high number of devices will remain vulnerable. At worst, they are destined to remain at the mercy of hackers for years, probably until they are replaced or reach the end of their life cycle, given the consumer mentality of users.
From this point of view, even in the enterprise the dangers will not stop with the upgrade of key infrastructure: such devices are widespread and, thanks to the now well-established trend of BYOD (bring your own device, the practice of using personal devices to carry out work tasks), companies will have to review their security policies as soon as possible.
Heartbleed: Some Tips
As for enterprise IT executives, centralized security policy management should be implemented so that employees can continue to use their electronic devices for work purposes without taking additional risks. In any case, vulnerability research teams will be busy for a long time: Heartbleed will have a long tail of problems, and it will take months to secure the infrastructure and become aware of other systems at risk, many of which will prove to be long-standing (obsolete) and therefore difficult or almost impossible to patch.
Users are strongly discouraged from using applications that claim to detect the bug, or sites that offer to perform similar tasks: doing so exposes you unnecessarily to additional threats, since it is not uncommon to find viruses and malware disguised as security scanners, and it does nothing to solve the problem. As mentioned earlier, only the manufacturers will be able to immunize the device, through the hoped-for firmware update.