Open SSL Heart-bleed Vulnerability – Aegify https://www.aegify.com Comprehensive Security, Risk and Compliance Assurance Solution Thu, 29 May 2014 08:31:42 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 Avert Open SSL Heart-bleed Vulnerability with eGestalt’s Aegify Scanner https://www.aegify.com/avert-open-ssl-heart-bleed-vulnerability-with-egestalts-aegify-scanner/ https://www.aegify.com/avert-open-ssl-heart-bleed-vulnerability-with-egestalts-aegify-scanner/#respond Thu, 29 May 2014 08:31:42 +0000 http://www.egestalt.com/blog/?p=722 “Heart-bleed” is a serious and unique vulnerability in the most accepted version of SSL. A large part of the web servers on the internet use OpenSSL to safeguard data and user accounts, and the latest “Heart-bleed bug” only affects OpenSSL’s 1.0.1 and the 1.01f versions. Given that the Secure-Socket Layer (SSL) and Transport Layer Security…

The post Avert Open SSL Heart-bleed Vulnerability with eGestalt’s Aegify Scanner appeared first on Aegify.

]]>
“Heart-bleed” is a serious and unique vulnerability in the most accepted version of SSL. A large part of the web servers on the internet use OpenSSL to safeguard data and user accounts, and the latest “Heart-bleed bug” only affects OpenSSL’s 1.0.1 and the 1.01f versions. Given that the Secure-Socket Layer (SSL) and Transport Layer Security (TLS) are pivotal in Internet security, this security chasm caused by “Heart-bleed” is grim. Versions 1.0.1 through 1.0.1f are vulnerable to exploits, and stand to expose user credentials, credit card data, sensitive documents and the server’s certificate itself.

Unlike the previous attacks seen recently, “Heart-bleed” doesn’t actually require any interesting cryptographic software. As the attacks leave no evidence in server logs, there is in reality no way of knowing if the bug has been actively exploited – thus making the effects more devastating than ever.  Regardless of whether you realize it, there is a lot of the security infrastructure you rely on that is dependent in some way on OpenSSL, and unfortunately the reliance on OpenSSL is only increasing. The risk with the OpenSSL Heart bleed vulnerability is bizarre, as there are a large number of private keys exposed on the Internet, leading to potential memory leaks in server-client interactions.

Detecting and Mitigating this Vulnerability

The new and improved Aegify Scanner from eGestalt, is the best answer to prevent a serious “Heart-bleed”. The heart-bleed bug is not a problem with OpenSSL’s innate design, but a result of a programming error. The updated Aegify Scanner from eGestalt, a leading provider of Cloud-based software-as-a-service (SaaS) solutions for business IT security monitoring, vulnerability analysis, asset and risk management, penetration testing and compliance management, helps in detecting the bug. The latest updated Aegify Scanner helps in detecting the bug, regardless of whether it has been set on a manual update or a 64-bit system. Whatever may be the method, by following a few simple steps, the scanner will be able to detect the OpenSSL Heart-bleed vulnerability in the next scheduled scan. The latest heart-bleed vulnerability scan feature is also available the free Aegify Freemium Scanner. Put an end to all “Heart-bleed” issues once in for all – Get the latest Aegify Scanner from eGestalt today!

The post Avert Open SSL Heart-bleed Vulnerability with eGestalt’s Aegify Scanner appeared first on Aegify.

]]>
https://www.aegify.com/avert-open-ssl-heart-bleed-vulnerability-with-egestalts-aegify-scanner/feed/ 0