Sluggishness saves government websites from Heartbleed

ICERT had issued an advisory warning internet user about the bug and its solution

pragya

Praggya Guptaa | April 18, 2014



Believe it or not, government websites in India are less vulnerable to 'Heartbleed' bug. No, not because these websites have world’s best internet security protocols but because of the sluggish approach of government departments in the country. Yes, you read it right: sluggishness.

The Heartbleed bug exploits a flaw in the OpenSSL cryptographic software library. The vulnerability exposes sensitive information such as passwords, credit card numbers and other information to hackers by attacking the security certificates (SSL) of websites designed to protect online accounts for email, instant messaging and e-commerce.

According to experts, the bug has majorly attacked the sites that have updated their certificates. However, most of the Indian government sites are sluggish in updating their certificates, and therefore, the risk of getting affected is comparatively low. The two-year old bug has entered the system while updating these SSL certificates. “Generally government gives contract to vendors and they are less bothered about updating them,” said a security testing expert on the condition of anonymity.

It may be recalled that the Canadian revenue department had recently suspended its e-services for few days after being affected by the bug. The agency had reported that private information of about 900 people had been compromised as hackers exploited the Heartbleed bug. However, according to Indian Computer Emergency Response Team of India (ICERT) no such case has been reported so far in India.

ICERT had also issued an advisory warning internet user about the bug and its solution. “We have also written to large users and other organisations about the steps to be followed to mitigate the risk," said Gulshan Rai, director deneral, ICERT, to Governance Now.

According to some security experts, majority of the agencies and service providers might have already replaced the security certificates after the panic situation. Many experts and agencies are also advising internet users to change their passwords. ICERT’s advisory has also advised service provider to replace the certificate after moving to a fixed version of OpenSSL. It also advises users to change all sensitive credentials like usernames and passwords.

According to eScan MD and CEO Govind Rammurthy, “Since majority of websites are vulnerable to the Heartbleed bug mere changing a password will not help. Website would have to replace their OpenSSL software first in order to mitigate the threat.”

Commenting on the risks, Ajay Dubey, manager-south India, Websense, said, “Due to the nature of this bug data theft is of larger concern. We don’t know which all sites are compromised and what all data are with the hackers. Therefore, it is advisable that after replacing SSL certificate of sites, username and password must be changed.”

Comments

 

Other News

3% of medicines are of poor quality: Survey

 More than three percent of medicines in India are ‘Not of Standard Quality’ (NSQ) and 0.0245 percent spurious, reveals a survey report on drugs quality by the ministry of health.  The survey carried out by National Institute of Biologicals (NIB), Noida found that out of the

BEL unveils new weapon system for MBT Arjun tank

 Bharat electronics limited (BEL) has launched a new weapon control system — Remote Controlled Weapon Station (RCWS) / Air Defence Weapon Station (ADWS) for 12.7 mm gun of MBT Arjun Mk II battle tank during recently concluded Aero India 2017 in Bengaluru. The new weapon control system

Sasikala camp in talks with OPS faction

 The Sasikala camp is in talks with the O Panneerselvam (OPS) faction and they are trying to win them over, says an AIADMK insider. Negotiation have started between the main AIADMK, which is with Sasikala, and the splinter group that is supporting former chief minister OPS. The party insider

Stories to read over the weekend

On October 1 last year, Mehtab Alam Ansari, 30, who worked as a tailor in Delhi, had arrived in his village, Chepa Khurd in Barkagaon tehsil of Harazibagh district, to celebrate Eid with his family. That morning, he was nearing Dadi Kalan, a neighbouring village, to meet an acquaintance when he hea

ONGC to invest of Rs 7,327 cr for five projects

  State run enterprise oil and natural gas corporation limited (ONGC) has decided to invest Rs 7,327 crore to develop five projects to produce oil and gas. The decision was taken in its 290th board meeting held on February 23. The projects include development of R-Series fields, incl

Shiv Sena may again ally with BJP

The civic election results could well have long term implications in Maharashtra’s politics, with the Bharatiya Janata Party (BJP) doing dramatically well and the Shiv Sena failing to get a simple majority.   The Shiv Sena won 84 seats, while the BJP bagged 82 seats. Th

Video

Digital Transformation Summit

Current Issue

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter