The Heartbleed virus scare that hit OpenSSL encryption libraries two weeks ago is far from over. Even though all major technology and social media firms, such as Google, Facebook and Amazon, have created patches to protect their sites from the virus, the open source code wireframe supporting the internet is anything but in the control of these companies. This week we have collected articles focused on education and next steps regarding the Heartbleed bug.
Microsoft, IBM, Google and Other Tech Giants Team Up to Prevent the Next ‘Heartbleed’ – Wall Street Journal
OpenSSL is an open source encryption tool used by a majority of the Internet. Developers, who mostly work independently in their free time, currently maintain and add to this source. Major tech companies, such as Google, IBM and Microsoft, have pledged to commit to the Core Infrastructure Initiative, the new Linux Foundation project aimed at improving open source software, with the hope of preventing another Heartbleed disaster.
After a string of articles instructing site users to change all of their passwords and developers to patch their systems after the revelation of the Heartbleed virus, a new issue has arisn: companies providing SSL digital certificates for different businesses must reissue those certifications to sites affected by the Heartbleed virus and revoke the old certificates. SSL certificates ensure that a website has a secure server, through which customers can provide confidential information, such as their credit card number or home address.
Heartbleed Highlights a Contradiction in the Web – The New York Times
The Times questions the effectiveness of the current structure of open source code on the Internet, which currently supports many major sites. Instead of developing their own code, many tech giants have opted for the free and what was thought to be more secure sourcing option of OpenSSL. Having in-house developers check the code is not enough; there must be some sort of financial contribution and oversight of the program.
An overview and sketch of how the Heartbleed virus works and what steps IT professionals and security chiefs should be taking to protect their companies’ employees and customers from the bug.