Tuesday, April 29, 2014

Heartbleed bleeding continued, firewalls, power plants, HP printers

The amount of infected machines was "extremely worrying", says IT security expert Nicholas Weaver
Three weeks after the serious Heartbleed vulnerability became public, the extent of "security disaster" is becoming clearer. Especially the "Internet of Things" is strongly affected by the bug - and it will probably be for decades yet.
Austria: Still 1,600 computers affected
After the public was informed about Heartbleed, initially on web server in the focus of security experts. Here is the update in Austria is reasonably satisfactory Previous: SBA Researchreported that currently have about 1,600 computers are affected by the Heartbleed vulnerability, ursrpünglich 7,014 systems were vulnerable.
Although the number of 1,600 computers is not small, but it means that the security hole was filled to three-quarters of the affected systems.
Much greater cause for concern IT security experts such as Nicholas Weaver currently the "Internet of Things". "The number of affected devices is really worrying," said Weaver, who has worked for the University of Michigan.
Nest, Apple , Siemens
So had about Nest, the acquired by Google Manufacturer of smart thermostats, announced that they were affected by the vulnerability. Even Apple's Airport and Time Capsule suffer from the bow , as well as industrial equipment from Siemens, which are used in power plants and water treatment plants.
Firewalls as a security issue
It was particularly scary that exactly those devices are affected, which were actually purchased as a protective measure, says software developer Dave Taht, who is involved in an open source program for router.
So could provide security vulnerabilities calculated firewalls thanks Heartbleed: affects example, systems of Fortinet orWatchGuard . Both companies wanted to, as Wired , did not announce how many users had already performed an update.It is estimated, however, tens of thousands of firewalls are still unprotected.
HP printer
Even Hewlett-Packard was forced to admit that its printers could potentially suffer Heartbleed: However, the company was unable to assess themselves, which models are endangered. However, if it were only to a small number, so HP. However, it is hardly to be assumed that only HP printers are affected. According to Wired knew "no one currently on the true Außmaß the problem" about it.
"Could take decades"
However, even Heartbleed could have even worse consequences: Many devices that use Open SSL, were not affected because they used either outdated OpenSSL versions or updates the heartbeat would shut down.
Exactly but again could be a problem, so researchers Weaver: Because without automated heartbeat updates, the device would have to be manually provided with updates - and until the gap was then eliminated on all devices, it could take decades. (Fsc derStandard.at, 28/04/2014)

No comments:

Post a Comment