
Oracle’s Race Against Heartbleed Vulnerability


The Heartbleed bug has wrought havoc around the world since its April 1, 2014 discovery. Also known by its official Common Vulnerabilities and Exposures number, CVE-2014-0160, it posed massive security issues for personal financial information, including private keys, passwords and cookies. Nearly 17 percent, or close to half a million, of the secure servers on the web were rendered vulnerable to attack. This placed the Heartbleed bug at “catastrophic” levels, and it is considered to be the Internet’s worst vulnerability in terms of impact.

The bug, characterized by a bleeding heart logo, went undetected for over two years, experts say, raising fears that hackers may have exploited this flaw long before its discovery.

How Heartbleed works

Heartbleed works by siphoning small amounts of data from a remote server’s memory, estimated at 64 KB each time. Combine these amounts of data, and you can retrieve crucial usernames, passwords, session IDs, Internet banking logs, encrypted keys, certificates and other sensitive information. Assuming a hacker is able to intercept this kind of traffic, they could continue spying on their victims remotely even after the Heartbleed bug has been patched.
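The length check that prevents this kind of memory over-read, shown as an added example that is not from the original article or from OpenSSL's source. A TLS heartbeat message (RFC 6520) states its own payload length in a 16-bit field, which is where the roughly 64 KB ceiling comes from, and a receiver must silently discard any request whose stated length exceeds the bytes it actually received; the function names and sample messages below are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request type (RFC 6520) */
#define HB_RESPONSE 2   /* heartbeat_response type (RFC 6520) */
#define HB_HEADER   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PAD  16  /* minimum padding required by RFC 6520 */

/* Claimed payload length: 16-bit big-endian, so never more than 65535. */
static size_t hb_claimed_len(const uint8_t *msg)
{
    return ((size_t)msg[1] << 8) | msg[2];
}

/* Writes a heartbeat response for msg[0..msg_len) into out and returns its
 * size, or returns 0 when the request must be silently discarded. */
size_t hb_build_response(const uint8_t *msg, size_t msg_len,
                         uint8_t *out, size_t out_cap)
{
    if (msg_len < HB_HEADER + HB_MIN_PAD || msg[0] != HB_REQUEST)
        return 0;
    size_t claimed = hb_claimed_len(msg);
    size_t total = HB_HEADER + claimed + HB_MIN_PAD;
    /* The bounds check: the claimed length must fit in the bytes received. */
    if (total > msg_len || total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = msg[1];
    out[2] = msg[2];
    memcpy(out + HB_HEADER, msg + HB_HEADER, claimed);  /* echo the payload */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);   /* zeros for brevity; real padding is random */
    return total;
}

int main(void)
{
    /* Constructed samples: both carry 4 payload bytes and 16 padding bytes. */
    uint8_t honest[23] = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
    uint8_t lying[23]  = {HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g'};
    uint8_t out[64];
    printf("honest: %zu bytes\n", hb_build_response(honest, sizeof honest, out, sizeof out));
    printf("lying:  %zu bytes\n", hb_build_response(lying, sizeof lying, out, sizeof out));
    return 0;
}
```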

In late April 2014, Oracle issued an announcement that 33 of its products may be vulnerable to the Heartbleed bug, and would most likely require a patch. Fortunately, its cloud services were declared to be Heartbleed-proof.

Oracle Database unhackable

Oracle Corp. CEO Larry Ellison downplayed consumer fears, saying that the Oracle database has never been hacked into by anyone in the last couple of decades. “It’s so secure, there are people that complain.”

However, users of Oracle products will not be overly encouraged to learn that software products they may own, including those using OpenSSL cryptographic libraries, have been announced to be vulnerable. There is said to be another list under investigation, which includes the Sun Storage Common Array Manager and the Fibre Channel switches from QLogic and Cisco, which are under the Oracle brand.

Recently, Oracle updated its users on the progress of its patch development for Heartbleed. It also provided patches for Oracle Linux 6 and Solaris 11.2.

Oracle’s Global Product Security maintained that it continues to collaborate with the company’s product development teams for more updates on fixes for vulnerable products, as well as other products that may still be affected. They plan to announce future patches as they are released.

Expect more patches and fixes

End users dependent on Oracle products may find their hands full of patches, fixes and patchset updates in the next few months as the company races to reinforce batches of their susceptible software just to stay ahead in their battle against product vulnerability, and of course, its reputation.

For practical protection against the Heartbleed bug, you can check websites for vulnerability using dedicated Heartbleed checkers like LastPass and 1Password. Keep on the lookout for patch updates and test the website’s URL for the vulnerability before changing your username and password. Most experts recommend using strong alphanumeric passwords.

Finally, for users who feel their online privacy or anonymity has been compromised, it wouldn’t hurt to cool off from the Internet for a while until vulnerable websites have been patched or have updated their OpenSSL versions.

Photo courtesy of theglobalpanorama.
