Inside TDV - The Data Vault Blog
Heartbleed Round No. 2?
Just as the internet community was beginning to get it’s bearings after discovering and dealing with the Heartbleed security flaw debacle, another related software vulnerability has become readily apparent. In fact, not only is this bug just as serious; it’s also much older – reportedly having existed since at least 1998.
For those of you that haven’t kept up with the security issues surrounding the Heartbleed situation: roughly 2 months ago the flaw in question was found within a very popular software used by businesses to run their servers, allowing attackers to exploit the issue and compromise customer information. Companies such as Netflix, Google, and Instagram all recommended that users change their passwords immediately, and the potential for large data breaches was detailed and widely discussed online. With time the alarms and warnings died away after no major information losses occurred, but it was not to last.
As detailed in a post by Wired magazine last Thursday, security researchers who decided to go over the entire software package after the previous vulnerability have uncovered the second related bug in the software. This one goes much deeper to the core of the program itself and is not as easily fixable, given it’s essential nature to the software. The good news, however, is that this new problem is also not as easy to exploit, requiring a very specific situation to access. Because of that there’s not been the widespread panic like was seen with the original Heartbleed announcement, but this vulnerability could still open companies up to domestic spying by government agencies or extremely sophisticated organized crime syndicates.
Here at The Data Vault, our top priority is constantly reviewing and updating our security practices for both our online and offline services. While our cloud information services are unaffected by these bugs, we keep constant vigilance to maintain the integrity of our client’s information. If you’re in the market for an enterprise level solution with full strength security updates and peace of mind, please check out our cloud computing solutions that can fit every need.