Sunday, 22 June 2014

Is "Heartbleed" Really That Bad?



Most information security scares come and go with relatively little fanfare. Some, though, make a splash and catch the attention of the public and media. "Heartbleed" was the latest to fall into the latter category and sent the IT world into a bit of a frenzy. But how bad was it really? Security specialist Secunia rates vulnerabilities on a 1 to 5 scale, and given the amount of publicity it received you might expect "Heartbleed" to be at the top end. In fact, Secunia only rates it as a "Moderately Critical" 3, a score usually used for denial-of-service vulnerabilities against services like FTP, HTTP and SMTP and for vulnerabilities that allow system compromises but require user interaction. Secunia's Director of Research and Security, Kasper Lindgaard, explains, "It gets this rating because it enables information retrieval from remote without any user interaction or authentication requirements". He goes on to point out that the Extremely Critical rating is reserved for "Remotely exploitable vulnerabilities that can lead to system compromise, where successful exploitation does not normally require any interaction and exploits are in the wild". The company does acknowledge, though, that the effect of "Heartbleed" depends to an extent on the size of the vendor. Lindgaard says, "Small vendors didn't have such a big ordeal with the vulnerability, however for larger vendors like Cisco, IBM and HP, it was -- and is -- a very different story: they will be hard at work on this one, for some time yet. Thus the costs and implications for large vendors is what will make the Heartbleed bug a long term problem".




You can read more on Lindgaard's blog, and Secunia has produced an infographic charting the timeline of the bug, which you can see below:

http://secunia.com/blog/was-heartbleed-really-that-critical-heres-why-it-wreaked-havoc-across-the-it-community-396


