Many big companies are still vulnerable to the biggest computer bug ever discovered, report says

Cale Guthrie Weissman   


Business Insider

The computer bug Heartbleed was discovered one year ago, but many companies and individuals are still seeing its effects, according to a new report released on Tuesday by security firm Venafi (via Fortune).

Heartbleed, which has been referred to as one of the biggest computer vulnerabilities ever discovered, was a critical flaw that enabled hackers to steal data that was considered secure, as well as the encryption keys.

This meant that servers storing critical content like passwords, usernames, and other sensitive data were accessible to hackers who picked up on the vulnerability.

Companies have had the last twelve months to completely fix the bug, but most have not, as Venafi discovered in its audit of 2000 Forbes Global companies affected by Heartbleed.

"3 out of 4 Global 2000 with public-facing systems vulnerable to Heartbleed are still open to breach," the report said. This means only 416 companies have fully defended themselves against the havoc Heartbleed could wreak.

It's taking companies such a long time to react because the vulnerability is so fundamental that merely patching the problem wouldn't do the trick. At the time it was discovered, security experts said that a complete overhaul would be necessary to fix the problem. Beyond patches, all keys and certificates would need to be revoked then replaced.

Most companies have not done this.

"Venafi has identified 580,000 hosts belonging to Global organizations that have not been completely remediated," the report states.

This means that although companies may have patched the problem (in fact, every company has), they haven't performed the second and third steps of revoking and replacing all of the necessary keys. These two tasks are necessary to fend off future attacks.

"Failure to revoke the old certificate enables the attacker to use the old certificate in phishing campaigns against the organization and its customers," Venafi explains.

In short, unless all bases are covered, attackers can still attack these companies and gain access to this private data.
