Sluggishness saves government websites from Heartbleed

ICERT had issued an advisory warning internet user about the bug and its solution

pragya

Praggya Guptaa | April 18, 2014



Believe it or not, government websites in India are less vulnerable to 'Heartbleed' bug. No, not because these websites have world’s best internet security protocols but because of the sluggish approach of government departments in the country. Yes, you read it right: sluggishness.

The Heartbleed bug exploits a flaw in the OpenSSL cryptographic software library. The vulnerability exposes sensitive information such as passwords, credit card numbers and other information to hackers by attacking the security certificates (SSL) of websites designed to protect online accounts for email, instant messaging and e-commerce.

According to experts, the bug has majorly attacked the sites that have updated their certificates. However, most of the Indian government sites are sluggish in updating their certificates, and therefore, the risk of getting affected is comparatively low. The two-year old bug has entered the system while updating these SSL certificates. “Generally government gives contract to vendors and they are less bothered about updating them,” said a security testing expert on the condition of anonymity.

It may be recalled that the Canadian revenue department had recently suspended its e-services for few days after being affected by the bug. The agency had reported that private information of about 900 people had been compromised as hackers exploited the Heartbleed bug. However, according to Indian Computer Emergency Response Team of India (ICERT) no such case has been reported so far in India.

ICERT had also issued an advisory warning internet user about the bug and its solution. “We have also written to large users and other organisations about the steps to be followed to mitigate the risk," said Gulshan Rai, director deneral, ICERT, to Governance Now.

According to some security experts, majority of the agencies and service providers might have already replaced the security certificates after the panic situation. Many experts and agencies are also advising internet users to change their passwords. ICERT’s advisory has also advised service provider to replace the certificate after moving to a fixed version of OpenSSL. It also advises users to change all sensitive credentials like usernames and passwords.

According to eScan MD and CEO Govind Rammurthy, “Since majority of websites are vulnerable to the Heartbleed bug mere changing a password will not help. Website would have to replace their OpenSSL software first in order to mitigate the threat.”

Commenting on the risks, Ajay Dubey, manager-south India, Websense, said, “Due to the nature of this bug data theft is of larger concern. We don’t know which all sites are compromised and what all data are with the hackers. Therefore, it is advisable that after replacing SSL certificate of sites, username and password must be changed.”

Comments

 

Other News

Battle over cattle, Delhi govt schools lead the way and, why we must return to Gandhi & Tagore

On May 23 this year, the ministry of environment issued ‘Rules on prevention of cruelty to animals (regulation of livestock market)’ with the purported aim of regulating animal markets. When one reads the rules – notwithstanding the lame efforts from union ministers to issue clarificati

BEML unveils 9 MW capacity windmill park

  BEML, a mini ratna category-1 enterprise of the defence ministry, has set a target of using 100 percent renewable energy for its own consumption.   In this connection, BEML’s 9 MW Windmill Park installed at Bagalkot District in Karnataka was recently

BHEL registers increase in intellectual capital

  Bharat Heavy Electricals Limited (BHEL), a Maharatna enterprise, has recorded nearly 14 percent growth in its intellectual capital in 2016-17 fiscal. During the year, a record 508 patents and copyrights were filed by the company, translating into filing of nearly two patents/copyrights

NALCO partners with CII, Odisha for outreach programmes on GST

  National Aluminium Company Limited (NALCO) has joined hands with the Confederation of Indian Industries (CII), Odisha, to organise outreach programmes for industries and other stakeholders on GST implementation.   Series of interactive programmes are being

EPFO inks MoU with HUDCO for Housing for All by 2022

  Taking prime minister Narendra Modi’s vision of ‘Housing for all by 2022’ forward, Employees` Provident Fund Organisation (EPFO) has amended the EPF Scheme, 1952 to provide assistance in acquiring affordable houses to the EPF members by allowing withdrawal from PF to

IndianOil LPG import terminal to reduce refill backlog in Kerala

IndianOil is currently transporting bulk LPG from Mangalore to various LPG bottling plants in north Kerala through about 100 bullet trucks every day, which ply on narrow highways. A pipeline connecting the proposed LPG import terminal to Kochi Refineries Limited and the LPG bottling plants at Udayamperoo



Video

पाकिस्तानी सेना कैमरे में कैद करना चाहती थी ये हमला

Current Issue

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter