Heartbleed: Security call for update [Bangkok Post, Thailand]
(Bangkok Post (Thailand) Via Acquire Media NewsEdge) April 21--Organisations handling sensitive personal and financial information are being urged to update their encryption software to the latest version in order to reduce the risk of being hit by global computer security threats including the latest Heartbleed Bug, warn major security experts.
Thousands of computers in Thailand were left vulnerable to the attack from the latest global computer security threat Heartbleed.
Heartbleed appears to be one of the biggest flaws in the history of the internet, affecting the basic security of as many as two-thirds of the world's websites.
The bug is a serious vulnerability in the OpenSSL cryptographic software library which allows attackers to steal information protected by the SSL/TLS encryption. SSL/TLS provides communication security and privacy over the internet for applications such as web, email, instant messaging and some virtual private networks.
The bug enables outsiders to read the memory of the targeted computer, including the secret keys used to identify the service providers and to encrypt the traffic, and the names and passwords of the users. It allows attackers to eavesdrop on communications, steal data directly from the services and users, and impersonate services and users.
Soranun Jiwasurat, director of the Thai Computer Emergency Response Team (ThaiCERT), which is under the Electronic Transaction Development Agency, said state agencies and companies handling sensitive personal or business data or records, as well as e-commerce service providers and companies that use OpenSSL, need to update their encryption software to the latest version with a security patch to prevent data leaks.
Web servers, network routers, smartphones and video surveillance are the most vulnerable targets.
Hackers are trying to find a new sophisticated threat landscape to create new sources of vulnerability after Microsoft ended its Windows XP support.
Mr Soranun expressed concern that state authorities are not getting full alerts on data security despite the fact that Thailand had the highest number of web defacement incidents in Asean, with more than 3,500 cases.
Prinya Hom-anek, founder of Acis Professional, a leading security training centre, said that organisations which share their personal data with third parties should be concerned about third-party risks.
Mr Prinya also suggested that companies using OpenSSL versions below 1.01g need to update their software.
Consumers are urged to change their passwords annually to increase personal security, especially when using services on social networks, public email and online storage services.
People using Android-based devices, meanwhile, need to update their mobile operating systems to the higher 4.1.1 version, he said.
Three organisations (the Thailand Information Security Association, the Thai Webmaster Association and the Thai E-Commerce Association) are providing tools to allow organisations to check their websites through www.tisa.or.th to see whether they have been affected or not.
In one week alone, up to 2,300 servers had tested their systems and found 30 servers were affected.
(c)2014 the Bangkok Post (Bangkok, Thailand)
Visit the Bangkok Post (Bangkok, Thailand) at www.bangkokpost.com
Distributed by MCT Information Services