BreachExchange mailing list archives
Small business owners crucial to stopping Heartbleed, experts say
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 24 Apr 2014 18:09:34 -0600
http://www.bizjournals.com/austin/blog/techflash/2014/04/small-business-owners-crucial-to-stopping.html Small business owners are a crucial link in stopping the Heartbleed Internet security breach vulnerability that took the world by surprise earlier this month. The two-year-old security bug forced businesses to scramble in order to reconfigure their servers and users of e-commerce websites to reset their passwords. Owners of small businesses with less tech support and less time to deal with such problems are a crucial link in response to potential security breaches, said Rayford Sims, assistant director of the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio. “For the most part, people have acted responsibly and updated their systems,” he said. “But operators of internal websites are not as motivated. They have limited resources ... so security takes a backseat.” The Heartbleed vulnerability enables hackers to gather encrypted information on servers that use the highly popular OpenSSL software. As a result, personal data, including passwords, have become available to those searching for the information. Open source software is often more secure than proprietary software because developers constantly update with patches as vulnerabilities are discovered, experts said. They estimate that as many as 500,000 sites could have been exposed. More importantly, it’s nearly impossible to determine which ones were breached. “It’s like they can walk right through a locked door,” said Paul West Jauregui, vice president of marketing for the Austin-based Praetorian Group Inc. “It’s essentially reaching your hand into a black box and extracting information.” Jeff Reich, former director of research operations at the Institute for Cyber Security at UT at San Antonio, advises frequent users of e-commerce websites to change their passwords immediately and then again in three weeks to ensure the safety of their information. Reich, now the chief security officer of San Francisco-based Engine Yard Inc., said the Heartbleed vulnerability is a serious security issue compared with others. But not knowing the scope of what data has been exposed makes it all the more serious. “This is a really, really bad one,” he said.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Small business owners crucial to stopping Heartbleed, experts say Audrey McNeil (Apr 29)