• 3CX IP Phone System

    Unified Communications

    Unify your communications with 3CX Phone System for Windows. 3CX Phone System is far less expensive than a traditional PBX and can reduce call costs substantially by using a VoIP service provider.

    More Information

  • AVG CloudCare

    Cloud Based Antivirus

    AVG CloudCare™ is the free cloud-based administration platform with “pay-as-you-go” services that make it easier to manage and protect your small business.

    More Information

  • Cloud Computing

    Virtual Servers to run your applications

    Whether you need a dedicated cloud server or shared space, CTG is here to help.

    More Information

  • Enterprise Data Backup

    Every hard drive will fail.

    Your company data is the most expensive assest your company has, make sure it is protected.

    More Information

  • Web Presence

    Every Business needs a great website.

    We work with some of the best designers in our area to bring you a great web presence.

    Buy Now Details

Heartbleed Could Cost Millions, Could Have Been Prevented

Heartbleed Could Cost Millions, Could Have Been Prevented Early estimates of Heartbleed’s cost to enterprises are running in the millions. Revoking all the SSL certificates the bug leaked will come at a hefty price, according to CloudFlare, a Web hosting service provider.

Indeed, CloudFlare insists the revocation process for SSL certificates is far from perfect and imposes a significant cost on the Internet’s infrastructure. After completing the process of revoking and reissuing all the SSL certificates it manages for its customers, the company measured a clear spike in bandwidth due to the exercise. CloudFire estimates overall costs could run into the millions, based on its own experience.

“Globalsign, who is CloudFlare's primary CA partner, saw their Certificate Revocation List (CRL) grow to approximately 4.7MB in size from approximately 22KB on Monday,” CloudFlare’s Matthew Prince wrote in a blog post. “The activity of browsers downloading the Globalsign CRL generated around 40Gbps of net new traffic across the Internet. If you assume that the global average price for bandwidth is around $10/Mbps, just supporting the traffic to deliver the CRL would have added $400,000 to Globalsign's monthly bandwidth bill.”

It Could Have Been Prevented

We turned to Richard Kenner, co-founder and vice president of AdaCore, a software solutions provider for Ada, which is a programing language designed for large, long-lived applications where security is critical, to get his take on lessons learned so far from this costly bug. He pulled back the lens and asked a significant question: Why are these things still happening?

First, let’s look at what he means by “still.” He reminded us of the incident just over a month ago where a bug in the same type of software affected Apple devices. He also pointed to a glitch two years ago that caused a Wall Street trading firm to lose $440 million in 30 minutes. And, he noted, almost every week we hear about some glitch that shuts down airlines, hotel reservation systems, or stock trading for a few hours. Cars are even being recalled in the wake of defective software.

“The programming language used in the software responsible for Heartbleed [is] 40 years old. The tools used to write it are much the same as would have been used 40 years ago,” said Kenner, who was a researcher in the Computer Science Department at New York University from 1975 through 1998. “The same language and tools were used in the recent Apple bug. Analysis of that bug showed that using any one of multiple practices that should be standard in the industry would have prevented that bug.”

We Can Do More

So, then, could IT best practices have caught Heartbleed sooner? Following best practices isn’t enough for software that provides security services, but Kenner said technology does exist that IT can use to prove programs meet certain properties, such as ensuring the program never reads from a place in memory where it didn’t write.

“The program that contained the Heartbleed bug did exactly that and an attempt to prove that it didn’t would have quickly found this bug -- as would the use of certain tools that also detect this type of error,” Kenner said.

“But we can do more. Programs providing security services should never transmit private keys, usernames, and passwords externally and that’s a property we should also be able to prove, as well as the conditions under which they grant access to secured services," he added.
 

SecurityByDesign:

Heartbleed Could Cost Millions, Could Have Been Prevented

Posted: 2014-04-19 @ 2:48pm PT

@Rob: Password managers are useless. They just concentrate all the eggs in one basket.

Rob:

Heartbleed Could Cost Millions, Could Have Been Prevented

Posted: 2014-04-19 @ 10:36am PT

Are password managers safe? Sticky Password, LastPass, 1Password?

Read more http://www.newsfactor.com/story.xhtml?story_id=92368

Claim bonus atbet365 united kingdom - bbetting.co.uk