Sluggishness saves government websites from Heartbleed

ICERT had issued an advisory warning internet users about the bug and its solution


Praggya Guptaa | April 18, 2014



Believe it or not, government websites in India are less vulnerable to the 'Heartbleed' bug. No, not because these websites have the world’s best internet security protocols, but because of the sluggish approach of government departments in the country. Yes, you read it right: sluggishness.

The Heartbleed bug exploits a flaw in the OpenSSL cryptographic software library. The vulnerability exposes sensitive information such as passwords, credit card numbers and other information to hackers by attacking the security certificates (SSL) of websites designed to protect online accounts for email, instant messaging and e-commerce.

According to experts, the bug has mainly hit sites that have updated their certificates. However, most Indian government sites are sluggish in updating their certificates, and therefore the risk of their being affected is comparatively low. The two-year-old bug entered the system while these SSL certificates were being updated. “Generally government gives contract to vendors and they are less bothered about updating them,” said a security testing expert on the condition of anonymity.

It may be recalled that the Canadian revenue department recently suspended its e-services for a few days after being affected by the bug. The agency reported that the private information of about 900 people had been compromised as hackers exploited the Heartbleed bug. However, according to the Indian Computer Emergency Response Team (ICERT), no such case has been reported so far in India.

ICERT had also issued an advisory warning internet users about the bug and its solution. “We have also written to large users and other organisations about the steps to be followed to mitigate the risk,” said Gulshan Rai, director general, ICERT, to Governance Now.

According to some security experts, a majority of the agencies and service providers might have already replaced their security certificates after the panic. Many experts and agencies are also advising internet users to change their passwords. ICERT’s advisory also advises service providers to replace the certificate after moving to a fixed version of OpenSSL, and advises users to change all sensitive credentials such as usernames and passwords.

According to eScan MD and CEO Govind Rammurthy, “Since majority of websites are vulnerable to the Heartbleed bug mere changing a password will not help. Website would have to replace their OpenSSL software first in order to mitigate the threat.”

Commenting on the risks, Ajay Dubey, manager-south India, Websense, said, “Due to the nature of this bug data theft is of larger concern. We don’t know which all sites are compromised and what all data are with the hackers. Therefore, it is advisable that after replacing SSL certificate of sites, username and password must be changed.”
