Heartbleed Bug, One Month Later

The Heartbleed Bug after one month has affected hundreds of thousands of servers. Android and devices are still prone to the Heartbleed bug. PC World had recently highlighted the word from Errata Security's Robert Graham, who came to that number after scanning millions of web servers on Internet port 443, which is used for TSL/SSL communication. Graham's determination that 318,239 servers are still vulnerable to Heartbleed is a significant drop from the more than 600,000 he found when Heartbleed first became public.

Android and Antivirus software or apps are being actively used to further protect devices. Today we have millions of mobile devices available on market. With employees expectations of using BYOD employers should further embrace the devices within the organization and choose the right BYOD strategy. The advanced persistent threats or APTs are changing rapidly. It is important to keep security protection in mind for devices as “daily protection” rather than on an “as needed” basis.

Inferse / Google

The team at BeyondTrust posted in a recent blog post with further Heartbleed insights which highlighted the main takeaway of this vulnerability is that attackers can use this to obtain things like secret keys used for X.509 certificates, user names and passwords, instant messages, emails, and other highly sensitive information. The company advises users to upgrading to OpenSSL 1.0.1g, which contains the fix. If using Retina, users can scan their systems to see if they are using a vulnerable version of the OpenSSL library with the audits mentioned in the post.

Keeping up with security in the BYOD era with employee engagement is also a strategy to consider. If programs were customized and to areas which employees can "engage" with IT security policies it should fit within the environment or culture executed by every employee in daily tasks. Policy is critical. IT is a vital role in developing such policies and building framework for everyone.