How to Fix the ‘Heartbleed’ Flaw?
A serious vulnerability was exposed by security researchers on April 7, 2014. A problem was discovered with the encryption technology used to securely transmit e-mail, social media posts, e-commerce transactions and other related Web traffic. This flaw is known as the ‘Heartbleed’flaw and has remained undetected for nearly 2 years.
This breach involves SSL/TLS, an encryption technology marked by the small, closed padlock and "https:" on Web browsers to signify that traffic is secure. The Heartbleed flaw allows anyone on the internet to read information secured by the vulnerable version of SSL/TLS known as OpenSSL.
How to fix this flaw
How ViSolve fixed the Heartbleed flaw for its Clients
ViSolve’s clients are spread across industry domains such as banking, electronics and technology. To safeguard information assets and to prevent any security breaches, our enterprise team responded in quick time to fix the Heartbleed flaw.
For one of our client who is into banking, an upgrade to the OpenSSL-1.0.1g version was performed. Similarly for another client who is in the technology space, a recompilation of OpenSSL-1.0.1e was performed. Both of these were done within a couple of hours of knowing about the security flaw.
In order to eliminate this threat completely, servers using OpenSSL have to be replaced with new SSL certificates. All user credentials like passwords have to be changed along with additional security measures like two-step authentication.
ViSolve is a consulting firm that provides Enterprise services like Cloud Deployment, Monitoring, Support and Security. More information about ViSolve can be found here. To know more about enhancing your data security, drop us an e-mail – firstname.lastname@example.org.