A detailed analysis was conducted by cybersecurity experts for a university. They found that website administrators nationwide are not doing enough to patch security holes exploited by Heartbleed bug.
A detailed analysis was conducted by cybersecurity experts for a university. They found that website administrators nationwide are not doing enough to patch security holes exploited by the Heartbleed bug.
The Heartbleed bug, which was first disclosed in April this year, presents a serious vulnerability to the popular OpenSSL (Secure Sockets Layer) software, allowing anyone on the Internet to read the memory of systems that are compromised by the malicious bug.
A team of cybersecurity experts from the University of Maryland analyzed the most popular websites in the United States, more than one million sites were examined, to better understand the extent to which systems administrators followed specific protocols to fix the problem.
Assistant Research Scientist Dave Levin and Assistant Professor of Electrical and Computer Engineering Tudor Dumitras team, which included researchers from Northeastern University and Stanford University, discovered that while approximately 93 percent of the websites analyzed had patched their software correctly within three weeks of Heartbleed being announced, only 13 percent followed up with other security measures needed to make the systems completely secure.
Levin said that once Heartbleed was made public website administrators everywhere should have immediately taken three steps to regain better control and security over their systems.
He revealed that they needed to patch their OpenSSL software, they needed to revoke their current certificates, and they needed to reissue new ones.
Advertisement
Dumitras and Levin hope that the team's findings would spur conversations regarding the multiple factors that influence overall computer security, and how those factors can work together to better strengthen systems.
Advertisement
Source-ANI