A large number of companies are using
the OpenSSL encryption to protect the servers and databases which contains trillion
GB’s of Data of Several users which leaves them at risk without risk assessment.
The openSSL contains a security flaw from 2 years and if it had exploited by
any third party or hacker it could be huge data breach on those servers which uses
the 64 KB chunks. It was very repeatable flaw if third party could hit the 64
KB button again and again, eventually they will be passes by the validation. Here
why it’s very harmful because you probably changed the security keys and generate
new one without knowing that your servers had previously been compromised so
the thing which protects you is to changing the keys constantly. An expert said
““I bet that there will be a lot of vulnerable servers a year from
now. This won’t get fixed”
Yahoo sent out an email “vulnerability, called Heartbleed, was recently identified impacting many platforms that use OpenSSL, including ours. As soon as we became aware of the issue, we began working to fix it. Our team has successfully made the appropriate corrections across the main Yahoo properties (Yahoo Homepage, Yahoo Search, Yahoo Mail, Yahoo Finance, Yahoo Sports, Yahoo Food, Yahoo Tech, Flickr and Tumblr) and we are working to implement the fix across the rest of our sites right now. We¹re focused on providing the most secure experience possible for our users worldwide and are continuously working to protect our user’s data"
So this is not a good thing for the
data companies, when their whole business runs on user trust and NSA has
already paid a good amount to RSA to accept a random encryption. But companies
thinking to encode your data through the voice or any biometrics of your which probably
could be more difficult to crack.
No comments:
Post a Comment