
Oracle’s Race Against Heartbleed Vulnerability

The Heartbleed bug has wrought havoc around the world since its April 1, 2014 discovery. Also known by its official Common Vulnerabilities and Exposures number, CVE-2014-0160, it posed massive security issues for personal financial information, including private keys, passwords and cookies. Nearly 17 percent of secure servers on the web, or close to half a million, were rendered vulnerable to attack. This placed Heartbleed at “catastrophic” levels, and it is considered to be the Internet’s worst vulnerability in terms of impact.

Characterized by a bleeding heart logo, the bug went undetected for over two years, experts say, raising fears that hackers may have exploited the flaw long before its discovery.

How Heartbleed works

Heartbleed works by siphoning small amounts of data from the remote server’s memory, estimated at 64kb each time. Combined, these amounts of data can expose crucial usernames, passwords, session IDs, Internet banking logs, encrypted keys, certificates and other sensitive information. Assuming a hacker is able to intercept this kind of traffic, they could continue spying on their victims remotely even after the Heartbleed bug has been patched.
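The length check whose absence allows this over-read, as an added example (not from the original article and not OpenSSL's source): a simplified parser for the TLS heartbeat message layout of RFC 6520, where a 2-byte length field caps each claimed payload just under 64 KB. The function names and the sample record are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST 1   /* heartbeat_request message type (RFC 6520) */
#define HB_HDR_LEN 3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD 16  /* minimum padding required by RFC 6520 */

/* Payload length the peer claims, from the 2-byte big-endian field. */
static size_t hb_claimed_len(const unsigned char *rec)
{
    return ((size_t)rec[1] << 8) | rec[2];
}

/* Bytes beyond the received record that an echo routine would copy if it
 * trusted the claimed length. Pure arithmetic: nothing is read out of bounds. */
size_t hb_overread_if_unchecked(const unsigned char *rec, size_t rec_len)
{
    if (rec_len < HB_HDR_LEN)
        return 0;
    size_t claimed = hb_claimed_len(rec);
    size_t present = rec_len - HB_HDR_LEN;
    return claimed > present ? claimed - present : 0;
}

/* Hardened handler: echoes the payload only when the record really holds
 * header + claimed payload + minimum padding. Returns the number of payload
 * bytes copied to out, or -1 when the message is silently discarded. */
long hb_echo_checked(const unsigned char *rec, size_t rec_len,
                     unsigned char *out, size_t out_cap)
{
    if (rec_len < HB_HDR_LEN + HB_MIN_PAD || rec[0] != HB_REQUEST)
        return -1;
    size_t claimed = hb_claimed_len(rec);
    if (HB_HDR_LEN + claimed + HB_MIN_PAD > rec_len || claimed > out_cap)
        return -1;  /* claimed length does not fit the record or the buffer */
    memcpy(out, rec + HB_HDR_LEN, claimed);
    return (long)claimed;
}

int main(void)
{
    /* Constructed record: claims 0x4000 payload bytes but carries none. */
    unsigned char bad[HB_HDR_LEN + HB_MIN_PAD] = { HB_REQUEST, 0x40, 0x00 };
    unsigned char out[64];
    printf("unchecked over-read: %zu bytes\n", hb_overread_if_unchecked(bad, sizeof bad));
    printf("checked handler:     %ld\n", hb_echo_checked(bad, sizeof bad, out, sizeof out));
    return 0;
}
```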

In late April 2014, Oracle issued an announcement that 33 of its products may be vulnerable to the Heartbleed bug, and would most likely require a patch. Fortunately, its cloud services were declared to be Heartbleed-proof.

Oracle Database unhackable

Oracle Corp. CEO Larry Ellison downplayed consumer fears, saying that the Oracle database has never been hacked into by anyone in the last couple of decades. “It’s so secure, there are people that complain.”

However, users of Oracle products will not be overly encouraged to learn that software products they may own, including those using OpenSSL cryptographic libraries, have been announced to be vulnerable. There is said to be another list under investigation, which includes the Sun Storage Common Array Manager and the Fibre Channel switches from QLogic and Cisco, which are sold under the Oracle brand.

Recently, Oracle updated its users on the progress of its patch software development for Heartbleed. They also provided patches for Oracle Linux 6 and Solaris 11.2.

Oracle’s Global Product Security maintained that it continues to collaborate with the company’s product development teams for more updates on fixes for vulnerable products, as well as other products that may still be affected. They plan to announce future patches as they are released.

Expect more patches and fixes

End users dependent on Oracle products may find their hands full of patches, fixes and patchset updates in the next few months as the company races to reinforce batches of its susceptible software to stay ahead in its battle against product vulnerability and, of course, to protect its reputation.

For practical protection against the Heartbleed bug, you can check websites for vulnerability using dedicated Heartbleed checkers like LastPass and 1Password. Keep on the lookout for patch updates and test the website’s URL for vulnerability before changing your username and password. Most experts recommend using strong alphanumeric passwords.

Finally, for users who feel their online privacy or anonymity has been compromised, it wouldn’t hurt to take a break from the Internet for a while until vulnerable websites have been patched or have updated their OpenSSL versions.

Photo courtesy of theglobalpanorama.
