Here you will find the latest blogs from Trend Micro’s experts along with a comprehensive look at how the media has covered this vulnerability. We encourage you to scroll through the various blogs, provide comments and enjoy the in-depth knowledge that Trend Micro has to offer.
April 17, 2014
Last week, we said that the best things you can do to help protect yourself from the Heartbleed vulnerability were to make sure you’re running a security suite like Titanium, keep an eye on your accounts for unusual activity, and change your passwords when you’re told to by website operators.
April 16, 2014
Yahoo Small business Advisor Not even Tor can keep you safe from Heartbleed
April 15, 2014
In an earlier blog post, we mentioned that mobile apps are also affected by the Heartbleed vulnerability. This is because mobile apps may connect to servers affected by the bug. However, it appears that mobile apps themselves could be vulnerable because of a bundled OpenSSL library.
April 14, 2014
Heartbleed Impacting the Deep Web?, by JD Sherry, Vice President of Technology and Solutions
News of this week’s massive and far reaching OpenSSL vulnerability “Heartbleed” has put all of us on our heels. In what could be called the equivalent of an Internet oil spill, individuals and organizations are scrambling to discover how to clean up this mess and get on with business as usual.
Heartbleed – One Week In, by Mark Nunnikhoven, principal engineer for cloud and emerging technologies
The bug has been dominating headlines for the past week – and rightfully so. The scale of the impact of this issue is major. OpenSSL has been integrated into a significant number of development projects. It’s probably the most commonly used security library out there. In support of the posting “Heartbleed – One Week In”, Mark Nunnikhoven has made a short (4:32) video outlining the issue: http://vimeo.com/91914818
In between the end of support for Windows XP and the Heartbleed OpenSLL vulnerability, one good bit of news may not have been noticed: the Microsoft Word zero-day vulnerability (CVE-2014-1761) reported in late March was fixed. We have since looked into this attack and found that the exploit was created by an attacker with some skill, resulting in what can only be described as a sophisticated exploit.
April 13, 2014
April 12, 2014
Deccan Chronicle – Heartbleed affects mobile apps too: Trend Micro
World News – Heartbleed affects mobile apps too: Trend Micro
April 11, 2014
ComputerWorld – Heartbleed flaw affects mobile apps, too
Law Technology News – Heartbleed: What to Change, How and When
Trend got a mention here – A Billion Smartphone Users May Be Affected by the Heartbleed Security Flaw – Forbes Tech News
April 10, 2014
The severity of the Heartbleed bug has led countless websites and servers scrambling to address the issue. And with good reason—a test conducted on Github showed that more than 600 of the top 10,000 sites (based on Alexa rankings) were vulnerable. At the time of the scanning, some of the affected sites included Yahoo, Flickr, OKCupid, Rolling Stone, and Ars Technica.
In trying to gauge the impact of the Heartbleed vulnerability, we proceeded to scanning the Top Level Domain (TLD) names of certain countries extracted from the top 1,000,000 domains by Alexa. We then proceeded to separate the sites which use SSL and further categorized those under “vulnerable” or “safe.” The data we were able to gather revealed some interesting findings.
Business & Leadership – Heartbleed vulnerability – what is it and what do you need to do?
The Globe and Mail – How Heartbleed works: A master key for the Internet
April 9, 2014
Don’t have heartburn over the Heartbleed Vulnerability, by Christopher Budd, Global Threat Communications Manager
There’s a new security issue in the news that many people are worried about. It’s called the “Heartbleed vulnerability.” There’s a lot of confusion around it, especially about what most people should be concerned about and do about it. To help you understand what’s going on and not panic, here are some answers to FAQs (frequently asked questions).
Edmonton Journal – Facts about the Heartbleed computer bug
Ottowa Citizen – Facts about the Heartbleed computer bug
San Francisco Chronicle – Heartbleed online security bug isn’t easily fixed
The Province – Facts about the Heartbleed computer bug
Vancouver Sun – Facts about the Heartbleed computer bug
April 8, 2014
Software vulnerabilities exist – it’s a fact of life that we all have to live with, and if we’re both lucky and diligent enough, we can patch it before any cybercriminals can exploit it. That isn’t always the case, but thankfully that’s the exception, not the rule.