Cyber Insurance brief: What you need to know about the Heartbleed Bug

By Mark Philmore
Magnifying Glass - MFL News

“Making waves in the internet community is the discovery of the Heartbleed Bug, a serious vulnerability that allows hackers to steal personal information that is normally protected by OpenSSL encryption.

OpenSSL provides security for Web applications, email, instant messaging and some and some virtual private networks.

According to Internet security services provider Netcraft, about half a million trusted websites are vulnerable to the Heartbleed Bug.

Heartbleed Basics 

The Heartbleed Bug allows anyone on the Internet to read the memory of any applications or websites that use vulnerable versions of OpenSSL. Hackers can exploit the vulnerability to steal four types of data:

1. Encryption keys, which can be used to decrypt protected information

2. User credentials, such as username and passwords

3. Personal information, such as financial details or private emails

4. Other information that they won’t have much use for after OpenSSL is updated to a fixed version

Are You Affected?

Chances are this affects you and your business in one way or another. OpenSSL is the most popular cryptographic library in use on the Internet, so it is likely that you use several websites that may have this vulnerability. Unfortunately, websites using the most current versions of OpenSSL (versions 1.0.1 through 1.0.1f) are the ones most likely to be at risk. Earlier versions are not vulnerable…”

To read on, download our cyber insurance brief, ‘What you need to know about the Heartbleed Bug’, here.

Contact the MFL Science & Technology team to discuss Cyber Liability, on 0113 336 2274.

Disclaimer: MFL is happy for articles to be used in reputable publications, websites and companies in a public domain. Third parties that haven’t directly received this article in the form of an electronic press release must receive express permission from MFL, the sole owners of all of this website’s marketing and PR content.

To receive permission to use this article or to make further enquiries, contact MFL’s Marketing and Development team.