How CimTrak Can Assist With Heartbleed Trouble

Nearly two and a half years have elapsed since the OpenSSL vulnerability known as the Heartbleed bug was introduced. Since December 31st of 2011, 64 kilobytes of data have been leaking out of an estimated 17% of servers around the globe [1].

 
Hackers have been able to exploit this vulnerability by using a heartbeat request to elicit a memory response from servers maintaining data for entities such as Yahoo!, Imgur, and Slate.com [2]. Even the FBI and Deutsche Bank have been caught in the wake of Heartbleed since it was revealed [3].
 
CimTrak and Heartbleed
Over the past two days, we have received many inquiries from CimTrak customers with questions about Heartbleed. The Heartbleed vulnerability does not affect any version of CimTrak. The implementation of TLS in CimTrak does not contain the bug that made Heartbleed possible.
 
How Can CimTrak Help With The Heartbleed Vulnerability?
Heartbleed may have compromised many servers and network devices in an organization’s network.  It is possible that the credentials and keys to those systems have been exposed and used to maliciously access those systems.
 
CimTrak can be installed on those systems to help ensure that none of the exploited machines have been altered in any unexpected manner. CimTrak is especially helpful, as none of the changes that ultimately result from Heartbleed will have a signature associated with them. Because of this, many traditional security tools will offer little to no protection. Since the exploit will result in rogue access to systems and keys, implementing an integrity monitoring tool, such as CimTrak, on all critical systems is one of the few defenses that will provide true IT security.
 
Jacqueline von Ogden
