SSL is a popular encryption technology that allows web users to protect the privacy of information they transmit over the internet. When you visit a secure website such as Gmail.com, you'll see a lock next to the URL, indicating that your communications with the site are encrypted.
The latest Heartbleed Bug compromises the security infrastructure of tens of thousands of servers and puts at risk the data of millions of users.
What is the Heartbleed Bug?
The majority of SSL-encrypted websites are based on an open-source software package called OpenSSL. On 7th April researchers announced a serious bug in this software that exposes users' communications to eavesdropping. OpenSSL has had this flaw for about 2 years.
The SSL standard includes a heartbeat option, which allows a computer at one end of an SSL connection to send a short message to verify that the other computer is still online and get a response back.
Researchers found that it's possible to send a cleverly formed, malicious heartbeat message that tricks the computer at the other end into divulging secret information. Specifically, a vulnerable computer can be tricked into transmitting the contents of the server's memory, known as RAM.
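The length check a heartbeat responder needs, as an added example (not code from this post or from OpenSSL): per RFC 6520 a heartbeat message carries a 1-byte type, a 2-byte declared payload length, the payload and at least 16 bytes of padding, and a request that declares more payload than actually arrived must be discarded. The function names and the constructed sample requests are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte declared payload length */
#define HB_MIN_PADDING 16  /* minimum padding required by RFC 6520 */

/* Hypothetical responder: returns the response length, or 0 when the
 * request must be silently discarded. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING || rec[0] != HB_REQUEST)
        return 0;
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    size_t resp_len = HB_HEADER_LEN + declared + HB_MIN_PADDING;
    /* Core check: the declared payload must fit inside the bytes that
     * actually arrived, or the copy below would read past the request. */
    if (resp_len > rec_len || resp_len > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    memcpy(out + 1, rec + 1, 2);  /* echo the declared length */
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, declared);
    /* Zero padding keeps the example short; RFC 6520 asks for random bytes. */
    memset(out + HB_HEADER_LEN + declared, 0, HB_MIN_PADDING);
    return resp_len;
}

/* Constructed sample: a request declaring `declared` payload bytes while
 * carrying `actual` (max 200). Returns the responder's result. */
size_t hb_demo(size_t declared, size_t actual)
{
    uint8_t rec[256] = {0}, out[256];
    if (actual > 200 || declared > 0xFFFF)
        return 0;
    rec[0] = HB_REQUEST;
    rec[1] = (uint8_t)(declared >> 8);
    rec[2] = (uint8_t)(declared & 0xFF);
    memset(rec + HB_HEADER_LEN, 'A', actual);
    return hb_build_response(rec, HB_HEADER_LEN + actual + HB_MIN_PADDING,
                             out, sizeof out);
}

int main(void)
{
    printf("honest: %zu, overstated: %zu\n", hb_demo(5, 5), hb_demo(16384, 5));
    return 0;
}
```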
Cyber insecurity comes in many forms. Heartbleed comes hot on the heels of the December 2013 hack of retail giant Target, in which 40 million credit cards and 70 million user accounts were hijacked.
Within days, the stolen data appeared on black markets that specialize in hacking tools, hacking services and the fruits of malicious hacking.
The Target event was no anomaly, nor was it even the largest such breach on record; that honor goes to the 2009 data breach of Heartland Payment Systems, which reached roughly 130 million stolen records. Yet it is a timely reminder that cybercrime is prevalent and increasingly and inextricably tied to a growing and maturing underground economy.
Now black markets have evolved into playgrounds of financially driven, highly organized and sophisticated groups, often connected with traditional crime organizations.
For certain levels of criminals, these black markets can be more profitable and less risky than the illegal drug trade; the links to end-users are more direct, and because worldwide distribution is accomplished electronically, the requirements are negligible.
In many countries, malicious hacker activity is condoned; in fact, there are even reports of Eastern European hackers with government ties.
Author: Venkatesh Yalagandula