Sluggishness saves government websites from Heartbleed

ICERT had issued an advisory warning internet users about the bug and its solution


Praggya Guptaa | April 18, 2014



Believe it or not, government websites in India are less vulnerable to the 'Heartbleed' bug. No, not because these websites have the world’s best internet security protocols, but because of the sluggish approach of government departments in the country. Yes, you read it right: sluggishness.

The Heartbleed bug exploits a flaw in the OpenSSL cryptographic software library. The vulnerability exposes sensitive information such as passwords, credit card numbers and other information to hackers by attacking the security certificates (SSL) of websites designed to protect online accounts for email, instant messaging and e-commerce.

According to experts, the bug has mostly affected sites that have updated their certificates. However, most Indian government sites are sluggish in updating their certificates, and therefore the risk of their being affected is comparatively low. The two-year-old bug entered systems while these SSL certificates were being updated. “Generally government gives contract to vendors and they are less bothered about updating them,” said a security testing expert on the condition of anonymity.

It may be recalled that the Canadian revenue department had recently suspended its e-services for a few days after being affected by the bug. The agency had reported that private information of about 900 people had been compromised as hackers exploited the Heartbleed bug. However, according to the Indian Computer Emergency Response Team of India (ICERT), no such case has been reported so far in India.

ICERT had also issued an advisory warning internet users about the bug and its solution. “We have also written to large users and other organisations about the steps to be followed to mitigate the risk,” said Gulshan Rai, director general, ICERT, to Governance Now.

According to some security experts, a majority of agencies and service providers might have already replaced their security certificates after the panic. Many experts and agencies are also advising internet users to change their passwords. ICERT’s advisory has also advised service providers to replace the certificate after moving to a fixed version of OpenSSL. It also advises users to change all sensitive credentials like usernames and passwords.

According to eScan MD and CEO Govind Rammurthy, “Since a majority of websites are vulnerable to the Heartbleed bug, merely changing a password will not help. Websites would have to replace their OpenSSL software first in order to mitigate the threat.”

Commenting on the risks, Ajay Dubey, manager-south India, Websense, said, “Due to the nature of this bug, data theft is of larger concern. We don’t know which all sites are compromised and what all data are with the hackers. Therefore, it is advisable that after replacing SSL certificate of sites, username and password must be changed.”
