BreachExchange mailing list archives

Small business owners crucial to stopping Heartbleed, experts say


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 24 Apr 2014 18:09:34 -0600

http://www.bizjournals.com/austin/blog/techflash/2014/04/small-business-owners-crucial-to-stopping.html

Small business owners are a crucial link in stopping the Heartbleed
Internet security breach vulnerability that took the world by surprise
earlier this month.

The two-year-old security bug forced businesses to scramble in order to
reconfigure their servers and users of e-commerce websites to reset their
passwords.

Owners of small businesses with less tech support and less time to deal
with such problems are a crucial link in response to potential security
breaches, said Rayford Sims, assistant director of the Center for
Infrastructure Assurance and Security at the University of Texas at San
Antonio.

“For the most part, people have acted responsibly and updated their
systems,” he said. “But operators of internal websites are not as
motivated. They have limited resources ... so security takes a backseat.”

The Heartbleed vulnerability enables hackers to gather encrypted
information on servers that use the highly popular OpenSSL software. As a
result, personal data, including passwords, have become available to those
searching for the information.

Open source software is often more secure than proprietary software because
developers constantly update with patches as vulnerabilities are
discovered, experts said.

They estimate that as many as 500,000 sites could have been exposed. More
importantly, it’s nearly impossible to determine which ones were breached.

“It’s like they can walk right through a locked door,” said Paul West
Jauregui, vice president of marketing for the Austin-based Praetorian Group
Inc. “It’s essentially reaching your hand into a black box and extracting
information.”

Jeff Reich, former director of research operations at the Institute for
Cyber Security at UT at San Antonio, advises frequent users of e-commerce
websites to change their passwords immediately and then again in three
weeks to ensure the safety of their information.

Reich, now the chief security officer of San Francisco-based Engine Yard
Inc., said the Heartbleed vulnerability is a serious security issue
compared with others. But not knowing the scope of what data has been
exposed makes it all the more serious. “This is a really, really bad one,”
he said.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
