Friday, 06 June 2014 16:28

Are Service Providers Prepared for Cybersecurity Risks Post-Heartbleed?

Many organizations responded to the Heartbleed Bug by conducting the appropriate risk assessments and vulnerability scanning to determine whether they were running vulnerable versions of Linux containing the affected OpenSSL versions (1.0.1 through 1.0.1f). If the vulnerability was found, they quickly moved to close it, but many organizations determined that the servers or systems they were running weren’t at risk.

The simple fact is that for hundreds of thousands of sites that ran the vulnerable OpenSSL code – which was in distribution for a year – we will probably never know whether the vulnerability was exploited, or exactly what data may have been compromised as a result of Heartbleed’s memory scraping.