Sluggishness saves government websites from Heartbleed

ICERT had issued an advisory warning internet user about the bug and its solution

pragya

Praggya Guptaa | April 18, 2014



Believe it or not, government websites in India are less vulnerable to 'Heartbleed' bug. No, not because these websites have world’s best internet security protocols but because of the sluggish approach of government departments in the country. Yes, you read it right: sluggishness.

The Heartbleed bug exploits a flaw in the OpenSSL cryptographic software library. The vulnerability exposes sensitive information such as passwords, credit card numbers and other information to hackers by attacking the security certificates (SSL) of websites designed to protect online accounts for email, instant messaging and e-commerce.

According to experts, the bug has majorly attacked the sites that have updated their certificates. However, most of the Indian government sites are sluggish in updating their certificates, and therefore, the risk of getting affected is comparatively low. The two-year old bug has entered the system while updating these SSL certificates. “Generally government gives contract to vendors and they are less bothered about updating them,” said a security testing expert on the condition of anonymity.

It may be recalled that the Canadian revenue department had recently suspended its e-services for few days after being affected by the bug. The agency had reported that private information of about 900 people had been compromised as hackers exploited the Heartbleed bug. However, according to Indian Computer Emergency Response Team of India (ICERT) no such case has been reported so far in India.

ICERT had also issued an advisory warning internet user about the bug and its solution. “We have also written to large users and other organisations about the steps to be followed to mitigate the risk," said Gulshan Rai, director deneral, ICERT, to Governance Now.

According to some security experts, majority of the agencies and service providers might have already replaced the security certificates after the panic situation. Many experts and agencies are also advising internet users to change their passwords. ICERT’s advisory has also advised service provider to replace the certificate after moving to a fixed version of OpenSSL. It also advises users to change all sensitive credentials like usernames and passwords.

According to eScan MD and CEO Govind Rammurthy, “Since majority of websites are vulnerable to the Heartbleed bug mere changing a password will not help. Website would have to replace their OpenSSL software first in order to mitigate the threat.”

Commenting on the risks, Ajay Dubey, manager-south India, Websense, said, “Due to the nature of this bug data theft is of larger concern. We don’t know which all sites are compromised and what all data are with the hackers. Therefore, it is advisable that after replacing SSL certificate of sites, username and password must be changed.”

Comments

 

Other News

Evaluating public-private partnership, the right way

Public-Private Partnerships (PPP) projects are always under scrutiny, given the options of alternative of traditional procurement for the government. The value-for-money debate is one of the essential parameters to judge any PPP. In the absence of any credible data on this regard, it is very difficult to e

Electoral bonds emerge as preferred mode of political donation

Electoral bonds, introduced in January 2018 to bring in transparency in political funding, has emerged as the preferred route for making donations to parties, according to an analysis of the parties’ audit reports by the Association of Democratic Reforms (ADR). “Given the anonymi

On Met Dept’s foundation day: let’s talk weather

With a humble beginning in 1875, the India Meteorological Department (IMD) – which is celebrating its 145thFoundation Day on January 15 – has marched forward with various milestones and paradigms to serve the society. When weather and climate are playing more and more role in our daily lives, h

You have to sometimes find your adversary No. 1: Prithviraj Chavan

Prithviraj Chavan, a senior Congress leader and former Maharashtra chief minister, is the key architect of the ruling Maha Vikas Aghadi (MVA) alliance that came to power after the three-day government of the BJP, supported by Ajit Pawar of NCP, fell apart just before the supreme court ordered an open b

Connecting the dots: Environmentalism, development and health

Every winter Delhi experiences some of the worst air pollution levels in the world. Concentrations of particulate matter – PM10 and PM2.5 – regularly hover around values of 400 to 500, levels that are considered extremely hazardous by both Indian and international air quality standards. Doctors

Stimulate demand to revive economy: Abhijit Banerjee

Nobel laureate economist Abhijit Banerjee has sounded an alarm on the economic crisis and compared the present situation to the 1991 economic crisis, stressing that to revive the economy it is important to stimulate demand. Like elsewhere in the world, the level of trust in experts and the e



Archives

Current Issue

Video

CM Nitish’s convoy attacked in Buxar

Opinion

Facebook    Twitter    Google Plus    Linkedin    Subscribe Newsletter

Twitter