Heartbleed: Serious Security Vulnerability

Serious Wake-up Call

by Bruce Kleinman, FSVadvisors, foreword by Kevin Morris

Imagine if you woke up one morning, and found out that Walmart was now selling a device for $5 that could easily and instantly open almost any deadbolt lock. That’s right - the kind of lock that is supposed to give “extra protection” to just about every door on earth. That’s the magnitude of security problem posed by the Heartbleed Bug.

Contributing columnist Bruce Kleinman wrote the first half of this article and posted it to his “From Silicon Valley” blog on April 6, 2014. The timing of the post was a remarkable coincidence: just 36 hours before the Heartbleed Bug started making headlines.

As the creators of technology, we engineers need to re-think our commitment to security and safety. The systems we design don’t just earn us money – they are often trusted to protect people’s lives, privacy, and assets. This is a solemn responsibility that is all too often overlooked or given short shrift in our ongoing race to get timing closure, first silicon, working prototypes, and volume shipments.  Read More


latest news

April 15, 2014

High Performance COM Express® Mini Module Powered by Intel® Atom™ E3800 & Celeron® N2930/J1900 Processors

March 27, 2014

VadaTech Announces Xilinx All Programmable FPGA Mezzanine Carriers in AMC Form Factor

Advantech MIO-5271 Fanless Core i 3.5” MI/O-Compact SBC for IoT & Intelligent Systems

ATP Showcases New Industrial Grade mSATA and SlimSATA Solutions at EE Live! 2014

March 19, 2014

Advantech Lifts Packet Processing Throughput to New Highs

March 17, 2014

Advantech’s New Mini-ITX Motherboard with 4th Generation Intel® Core i for Power-and-Cost Efficient Applications

March 13, 2014

Cypress’s New EZ-USB HX3 USB 3.0 Hub Controller Achieves USB-IF Certification

March 06, 2014

Allegro MicroSystems, LLC Introduces New Low Noise, High Precision Digital Output Current Sensor IC

JLT Introduces Next Generation Logistic Computer

Extend Legacy PC/104 (ISA) Support to 2020 with Advantech's 3.5” PCM-9376 SBC

March 05, 2014

Embedian Spins open standard SMARC COM module with Sitara AM335X

March 04, 2014

ADLINK Announces Compact COM Express® Type 6 Module Featuring High Performance and Ultra-Low Power Consumption

February 25, 2014

First congatec COM Express Mini module with single-chip, quad-core Intel® AtomT processor E3800 family

February 24, 2014

COM Express modules with Intel Atom processor E3800 platform

February 19, 2014

ADLINK Technology Unveils 6U CompactPCI® 4th Generation Intel® Core™ Processor Blade Designed for Military and Transportation Applications

Computer News Archive

Accelerating Innovation in Cloud & Mobile Computing

Part 2

by Bruce Kleinman, FSVadvisors

Officer, My Computer Crashed

Self-driving Cars Might Be Better Than What We Have Now

by Jim Turley

Accelerating Innovation in Cloud & Mobile Computing

Part 1

by Bruce Kleinman, FSVadvisors

Saas: Software as Sadism

SNL’s “Weekend Update” Has Nothing on the Software Industry

by Jim Turley

Of HIDs and HALs and Hubs

New Pathways and Ambiguous Terms

by Bryon Moyer

Computer Article Archive

 

Editors' Blog

Ten years and rolling

posted by Dick Selwood

(24-Jan)

IntrinsicID and InsideSecure Come to DropBox

posted by Bryon Moyer

A once-obscure technology peeks through to everyday users. (18-Dec)

Gesture Progress

posted by Bryon Moyer

PointGrab and eyeSight are both gunning for the same space. This early in the game, it’s not a zero sum game: there’s business and continued development for all. (12-Nov)

A Software View of Hardware

posted by Bryon Moyer

There’s a new effort afoot to bridge the hardware/software silos for embedded systems. (20-Aug)

Cache Clunker

posted by Bryon Moyer

Randomizing memory access patterns for security sounds like something that won’t make it into the embedded space. (25-Jul)

Computer Editors' Blog Archive

forum

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 2:19 PM by TotallyLost

TotallyLost
Now if you would like a healthy chill in your spine about client and server side security, consider the following attack that is likely to show up in the wild soon, simply because of how easy/effective it is.

Since IT folks and customers have become VM…

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 11:46 AM by TotallyLost

TotallyLost
Bruce ... I agree that authentication can be dramatically improved .... however that is less than 1% of the real problem when the base computing platform and environment is not secure.

Securing that is neither easy, or likely, so normal everyday users …

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 11:31 AM by kleinman

kleinman
John--

This has been a good & healthy bit of "argy bargy", thank you!

You've pointed out some good items and raised awareness that users need to take greater responsibility [a] for client-side security and [b] to 'vote' with their business for gre…

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 11:09 AM by TotallyLost

TotallyLost
The answer to "how would you improve internet security" ... don't use it, or any computer connected to the internet, to process or store data that you can not risk being compromised.

I have held DOD security clearances, and managed secure data centers,…

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 10:51 AM by kleinman

kleinman
Kudos (again) for raising good points; I am not sure I understand your line of thought however. Yes, there are always vectors of attack (malware, for example) ... are you suggesting that because there is no such thing as perfect security that we should n…

Computer Forum Archive

subscribe to our computer newsletter



Computer On Demand Archive


Login Required

In order to view this resource, you must log in to our site. Please sign in now.

If you don't already have an acount with us, registering is free and quick. Register now.

Sign In    Register