Hong Kong Government agencies have completed measures to protect themselves and users of their e-services against Heartbleed, a security loophole found in the widely-used OpenSSL encryption software. Agencies installed patches, arranged for renewal of digital certificates and cryptographic keys, and took steps to remind users to change their passwords.
The Office of the Government Chief Information Officer (OGCIO), Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) and Hong Kong Police Force are jointly responsible for managing information security in the Government.
Gregory So, Secretary for Commerce and Economic Development said, “The Government has a well-established information security management framework and procedures in place to deal with matters related to information security, including issues arising from this OpenSSL vulnerability.”
Gregory So informed that the “prevailing digital certificate encryption technology is safe and secure”. As best practice, recognized certification authorities in Hong Kong review the settings of their systems to ensure security and reliability of the digital certificates they issue.
Heartbleed poses a risk to digital certificates which were produced by servers installed with version 1.0.1 of OpenSSL, an open source toolkit for the implementation of the SSL network security protocol.
More than 40 e-government services in Hong Kong require the use of digital certificates for identity authentication.
The security weakness could leave the digital certificates susceptible to attacks or hacks, which may result in sensitive information such as username and passwords being stolen.
OGCIO will continue to collaborate with HKCERT to raise awareness and knowledge of information security, and organise promotional activities to publicise and promote the importance of protecting computer systems and ensuring network security, and the secure use of digital certificates and online services among the general public and business sector.
Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter
No comments:
Post a Comment