Sluggishness saves government websites from Heartbleed

ICERT had issued an advisory warning internet user about the bug and its solution

pragya

Praggya Guptaa | April 18, 2014



Believe it or not, government websites in India are less vulnerable to 'Heartbleed' bug. No, not because these websites have world’s best internet security protocols but because of the sluggish approach of government departments in the country. Yes, you read it right: sluggishness.

The Heartbleed bug exploits a flaw in the OpenSSL cryptographic software library. The vulnerability exposes sensitive information such as passwords, credit card numbers and other information to hackers by attacking the security certificates (SSL) of websites designed to protect online accounts for email, instant messaging and e-commerce.

According to experts, the bug has majorly attacked the sites that have updated their certificates. However, most of the Indian government sites are sluggish in updating their certificates, and therefore, the risk of getting affected is comparatively low. The two-year old bug has entered the system while updating these SSL certificates. “Generally government gives contract to vendors and they are less bothered about updating them,” said a security testing expert on the condition of anonymity.

It may be recalled that the Canadian revenue department had recently suspended its e-services for few days after being affected by the bug. The agency had reported that private information of about 900 people had been compromised as hackers exploited the Heartbleed bug. However, according to Indian Computer Emergency Response Team of India (ICERT) no such case has been reported so far in India.

ICERT had also issued an advisory warning internet user about the bug and its solution. “We have also written to large users and other organisations about the steps to be followed to mitigate the risk," said Gulshan Rai, director deneral, ICERT, to Governance Now.

According to some security experts, majority of the agencies and service providers might have already replaced the security certificates after the panic situation. Many experts and agencies are also advising internet users to change their passwords. ICERT’s advisory has also advised service provider to replace the certificate after moving to a fixed version of OpenSSL. It also advises users to change all sensitive credentials like usernames and passwords.

According to eScan MD and CEO Govind Rammurthy, “Since majority of websites are vulnerable to the Heartbleed bug mere changing a password will not help. Website would have to replace their OpenSSL software first in order to mitigate the threat.”

Commenting on the risks, Ajay Dubey, manager-south India, Websense, said, “Due to the nature of this bug data theft is of larger concern. We don’t know which all sites are compromised and what all data are with the hackers. Therefore, it is advisable that after replacing SSL certificate of sites, username and password must be changed.”

Comments

 

Other News

Election manifestos and voters` Right to Know

Recognising the importance of election manifestos, the supreme court directed the election commission (EC) of India to frame guidelines directly governing the contents of the election manifestos in the case of S. Subramaniam Balaji v. State of Tamil Nadu & Ors. reported in (2013) 9 SCC 659. Although th

No support from govt, says ad veteran Sam Balsara

Advertising veteran Sam Balsara has lamented the lack of support from the government to the industry and said that it has completely ignored the sector. Balsara, the founder, chairman and managing director of Madison World and Madison Communications, said that the government needs to provide

Covid-19: New cases are increasing, but so are recoveries

Even as India continues to record more than 50,000 new Covid-19 infections every day for a week now, there was some hope in the rising number of recoveries as well, with a drop in the case fatality rate and a spike in the recovery rate. Thus, the country recorded the highest single day recov

Breaking new ground in Ayodhya: History is created

History was created as prime minister Narendra Modi participated in the foundation-stone-laying ceremony for the new Ram Temple in Ayodhya on Wednesday, ending centuries of controversy. Modi performed Bhoomi Pujan at `Shree Ram Janmabhoomi Mandir`, in the presence of a very limited number o

How to encourage and support breastfeeding amid pandemic

The most joyous moment of a woman’s life is to breastfeed her baby for the first time. Breast milk is the foundation to build a strong bonding between mother and child and must not be missed by any newborn in its nutrition uptake. The World Health Organization (WHO) is encouraging people to “su

Covid testing: India crosses 2 crore milestone

As part of its 3T strategy of focusing on testing, tracing and treating to contain the Covid-19 pandemic, India crossed a landmark, testing 2,02,02,858 COVID-19 samples so far. This is pursuant to the key strategy followed by state/UT governments under the guidance of the centre for managem

Governance Now 5th PSU IT Forum

Archives

Current Issue

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter