Fall World 2014

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 27, Issue 3

Full Contents Now Available!

June 6, 2014

Are Service Providers Prepared for Cybersecurity Risks Post-Heartbleed?

Many organizations responded to the Heartbleed Bug by conducting the appropriate risk assessments and vulnerability scanning to determine whether they were running vulnerable versions of Linux containing the affected OpenSSL versions (1.0.1 through 1.0.1f). If the vulnerability was found, they quickly moved to close it, but many organizations determined that the servers or systems they were running weren’t at risk.

The simple fact is that for hundreds of thousands of sites that ran the vulnerable OpenSSL code – which was in distribution for a year – we will probably never know whether the vulnerability was exploited, or exactly what data may have been compromised as a result of Heartbleed’s memory scraping.

...

http://www.corporatecomplianceinsights.com/are-service-providers-prepared-for-cyber-security-risks-post-heartbleed/