Heartbleed Bug

Wednesday, April 9, 2014

Security researchers have announced a vulnerability in the Open Source "OpenSSL" Cryptographic Library for the internet.  OpenSSL is the data encrypted backbone of the web that provides a secure line for sending email, chatting, and for a majority of website transmissions and is indicated by the closed padlock and "s" in the "https" in the URL window.  The Heartbleed bug could have potentially exposed information of internet users everywhere even if the padlock is closed.  This has a lot of people worried, wondering if their information online has been secure.


How Bad Is It?

"It's really bad," says Business Insider's Kyle Russell, "Web servers keep a lot of information in their active memory, including usernames, passwords, and even the content that users have uploaded to a service..."

According to Russell, people may have been vulnerable for two years now and not even realized it.  This weakness can essentially allow attackers to gain access to highly sensitive data including credit card numbers, usernames, passwords and other sensitive data when cast across the internet.


Does This Affect Kanguru's Security Products?

No. Kanguru's Executive Vice President, Nate Cote, released a statement today to customers and partners reassuring them that Kanguru's Security Products are unaffected.


"Valued Customers and Partners,

As you may have seen in the news over the past 24 hours, a vulnerability in certain versions of the commonly used Open Source “OpenSSL” cryptographic library has been uncovered. After researching the affected versions, Kanguru’s implementation of products which use the OpenSSL libraries are NOT AFFECTED."


The threat of the Heartbleed Bug to internet users en masse is serious however, and everyone should make an effort to protect their data.  Since this threat has largely remained undiscovered for more than two years, personal information could have potentially been exploited directly or indirectly without an individuals' knowledge.  Though there is no specific incident that can point to the heartbleed bug as being used to compromise sensitive information, the internet vulnerability leaves no trace if a hacker were to use it.


So how can you protect yourself?  Kyle Russell states, "...assume that your accounts may be compromised."  One can start by changing all online passwords to bank accounts, online investment sites, shopping carts and other information where personal data could be vulnerable.

Software vendors, operating system vendors and service providers have already started implementing fixes before the announcement was made by security researchers yesterday, but it may take some time before the vulnerability is fully closed and secured.


For more information and a brief overview about the Heartbleed Bug, visit heartbleed.com.


 Other resources:

"Here's How To Protect Yourself From The Massive Security Flaw That's Taken Over The Internet"; Kyle Russell, Business Insider April 8, 2014

"'Heart Bleed' Bug Imperils Web Encryption; Putting Passwords, Credit Card Numbers at Risk"; Jack Phillips, Epoch Times April 8, 2014


Kanguru Solutions is a global leader in providing secure portable storage solutions, providing enterprises, organizations and consumers with the best in easy-to-use, secure IT products and hardware encrypted USB data storage. For more information on Kanguru, please visit http://www.kanguru.com.