Tel: 01684.276178

Fax: 01684.297083

2nd User Printers
Special Offers
On-Line Shop
Terms & Conditions
Contact Us


Manufacturers We Stock & Service



To Obtain A Quotation For Any Printer, Parts Or Consumables, Please Click Here



Heartbleed Virus .. What Is It? 

It's been a while since there was a computer security bug that potentially affected a very large number of people.

Unfortunately, it seems like we may all have been facing one for two years and not even realized it.

Recently security researchers announced a security flaw in OpenSSL, a popular data encryption standard, that gives hackers who know about it the ability to extract massive amounts of data from the internet services that we use every day and assume are mostly secure.

This isn't simply a bug in some application that can quickly be updated. The vulnerability is in the machines that power services that transmit secure information, such as Facebook and Gmail.

If you want to know more about the 'Heartbleed' bug ... read on.

Heartbleed is a flaw in OpenSSL, the open-source encryption standard used by the many websites that need to transmit the data that users want to keep secure. It basically gives you a secure link when you're sending an email or chatting on IM.

Encryption works by making the data being transmitted looking like nonsense to anyone but the intended recipient.

Occasionally, one computer may want to check that there's still a computer at the end of its secure connection, and it will send out what's known as a 'heartbeat', which is a small packet of data that asks for a response.

Because of a coding error in the implementation of OpenSSL, researchers have found that it was possible to send a well-disguised packet of data that looked like one of these heartbeats to trick the computer at the other end into sending data stored in its memory.

The flaw was first reported to the team behind OpenSSL by Google security researcher Neel Mehta, and then independently found by security firm Codenomicon. According to the researchers who discovered the flaw, the code has been in OpenSSL for about two years, and using it doesn't leave a trace.

So, how bad is that?  ... It's potentially really bad. Web servers can keep a lot of information in their active memory, including usernames, passwords, and even the content that users have uploaded to a service. According to some analysts even credit-card numbers could be pulled out of the data sitting in memory on the servers that power some services.

But worse than that, the flaw has made it possible for hackers to steal encryption keys the codes used to turn gibberish-encrypted data into readable information.

With encryption keys, hackers could intercept encrypted data moving to and from a site's servers and read it without establishing a secure connection. This means that unless the organisations running vulnerable servers change their keys, even future traffic will be susceptible.

Are you affected? .. Possibly, though again, this isn't simply an issue on your personal computer or your phone it's in the software that powers the services you use. You are likely to be affected either directly or indirectly. OpenSSL is a very popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company's site, commercial site, hobby site, sites you install software from or even sites run by your government might well be using vulnerable OpenSSL.

According to a recent web server survey up to 66% of sites are powered by technology built around SSL, and that doesn't include email services, chat services, and a wide variety of apps available on every platform.

So what can you do to protect yourself? ... Since the vulnerability has been in OpenSSL for about two years and using it leaves no trace, assume that your accounts could be compromised. You should change your online passwords, especially for services where privacy and security are major concerns. However, many sites likely haven't upgraded to software without the bug, so immediately changing them still might not help.

The researchers who discovered the flaw let the developers behind OpenSSL know several days before announcing the vulnerability, so it was fixed before word got out yesterday. We would expect that most major service providers would already be updating their sites, so the bug will be less prevalent over coming weeks.

Page dated April 2014


Cotswold Printers, Unit 5E Ashchurch Industrial Estate, Tewkesbury, Gloucestershire GL20 8NB
Email: Tel: 01684.276178  Fax: 01684.297083

Sitemap   2ndUser  On-LineShop  Special   OKI  Order  Terms  Contact  Printermodels laserjet

LJ2600N 5720 LJ4250N LJ5550DN CM1015