Newly-discovered OpenSSL bug potentially leaves over two-thirds of global web servers vulnerable to attack
Experts at Gulf Information Security Expo & Conference to deliver valuable insight on resources and latest developments in the field
Dubai, United Arab Emirates
More than 17% of the Internet’s secure web servers are believed to be vulnerable to the Heartbleed security bug attack*, allowing the theft of servers’ private keys and users’ session cookies and passwords. To address the countermeasures against this potentially devastating bug, leading experts will provide ‘Healing’ insights at the second Gulf Information Security Expo & Conference (GISEC) 2014 from 9to 11 June at Dubai World Trade Centre (DWTC).
The Heartbleed bug is a serious vulnerability in the popular OpenSSL cryptographic software library that allows stealing information protected under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
Leading information security experts including Robert Bigman, former Chief Information Security Officer at the CIA; Mikko Hypponen, Chief Research Officer at F-Secure; Nader Henein, Advance Security Solutions, Advisory Division, Blackberry and Nicolai Solling, Director of Technology Services at Help AG, which is currently into assessing the market requirements for Managed Security Services, will tackle various subjects about Heartbleed that was publicly disclosed as recently as 7 April 2014.
“Heartbleed is exactly what happens when you stop paying attention to the details. This race to the bottom that seems to have taken over the industry with the push to consumerisation is not about sacrificing security for usability, it’s about finding a solution that does not require you to compromise on either, there is no such thing as “Good Enough” when it comes to security.” said Nader Henein, Advance Security Solutions, Advisory Division, Blackberry.
Nicolai Solling, Director of Technology Services at Help AG said: “What I can say is that organisations have been very busy making sure they are not vulnerable to cyberattacks. Immediately after news of the vulnerability broke, we sent out communications from our support help-desk and were continuously in touch with our customers in addressing the impact. In the first three days alone since it was exposed, there were over 60 cases that were registered and numerous devices were patched, and certificates re-issued.
“The response has been excellent and all the customers, whom we provided the service as per the contract agreements, are now secured against Heartbleed. I must emphasise that it is important not only to patch the affected servers but also to reissue the certificates since the private keys were exposed by the vulnerability,” he added.
Konstantinos Karagiannis, Director of Ethical Hacking Centre of Excellence at BT, commented: “The panic surrounding Heartbleed reminded the industry what could happen when many applications and servers around the world are vulnerable to a security flaw. Imagine what would happen if every secure communication stream in the world became vulnerable. Quantum computing has the potential to enable the first organisations that build such machines to eavesdrop on virtually any encrypted data streams at will. BT is working with partners to develop the next generation of encryption schemes that may be a requirement for true data safety in the near future.”
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
“GISEC has identified that the Heartbleed bug could have disastrous consequences if the threat is not managed properly and quickly. With several eminent authorities in the field of information security convening at GISEC, those who would like to learn more about Heartbleed can find their answers at the event and they will gain global insight as well as grasp the regional impact and the industry’s latest response to this threat,” said Trixie LohMirmand, Senior Vice President, Dubai World Trade Centre, organisers of the exhibition and conference.
In this context, topics such as ‘Learn how we can prevent another Heartbleed’, ‘Maximising incident response speed’, ‘How to avoid ‘Heartbleed’ threat’, ‘7 Ways to Stop the Heartbleed’ amongst others will be discussed by speakers and vendors alike.
Robert Bigman’s keynote address of Day 1 of the GISEC Conference will shed light on the vulnerability of Heartbleed, especially clear prevention methods the audience can use to protect their internal corporate networks under the theme ‘Change the way you connect to the internet’. Mikko Hypponen – the man who tracked down the authors of the first PC virus ever recorded – will deliver his keynote address on Day 2 of the GISEC Conference and will discuss critical information security issues to empower one with superior protection. Wim Remes, Chairman of the Board of Directors at (ISC)2 will focus on strategies to map out existing infrastructures to adequately protect them against realistic threats among several others.
The conference segment of GISEC, from 10 to 11 June, will host delegates from over 18 countries and explores issues on global cybersecurity vulnerabilities and threats against systems, applications, and personal networks. The free-to-attend security sessions on vendor-run educational presentations, workshops, demonstrations, informative speeches and case-studies will give I.T. professionals useful insights to help defend their businesses from cyberattacks.
As the region’s only large-scale information security platform, GISEC will gather industry, government and thought leaders as well as international and regional cybersecurity experts in various business verticals such as I.T., oil & gas, banking & finance, government, legal, healthcare and telecoms to meet the growing requirements for information security and countermeasures in the region.
The must-attend event is set to draw 3,000 trade visitors from 51 countries and more than 100 exhibitors from the world’s leading information security companies and brands. 91% of last year’s attendees were purchasing decision makers from a wide range of industries.
Powered by GITEX TECHNOLOGY WEEK, the region’s leading Information and Communications Technology (ICT) event, GISEC is strictly a trade-only event and is open to business and trade visitors from within the industry only. GISEC is open 10am-6pm from 9-11 June. Visitor attendance is free of charge. For more information, please visit www.gisec.ae.
– The Heartbleed bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon and Neel Mehta of Google Security, who first reported it to the OpenSSL team. Codenomicon team found Heartbleed bug while improving the SafeGuard feature in Codenomicon’s Defensics security testing tools and reported this bug to the NCSC-FI for vulnerability coordination and reporting to OpenSSL team.
– Heartbleed bug image source: nickstech.net
Source:Gulf Information Security Expo and Conference