Thursday, April 17, 2014

Bruce Gaster, President of Corporate Information Technologies, Inc., discusses the Heartbleed Virus

Bruce Gaster, President of Corporate Information Technologies, Inc. discusses the Heartbleed Virus.



HYPOLUXO, Fla. --(BUSINESS WIRE)—April 17, 2014-For Immediate Release - On April 7, 2014 it was finally made public that there was a serious flaw in Open SSL Security. Open SSL is the security that provides communication security in Linux servers thru out the world and powers approximately 30% of the internet. Millions of user’s security has been compromised.

“There are two types of security worldwide that is used to encrypt data and ensure data security and one of them has been flawed, possibly since its inception.” says Bruce Gaster, President of CIT. “Many internet companies utilize Linux servers as their backbone due to its Open Architecture and low cost. Open SSL was developed to provide secure communication and now we are finding that it has a serious flaw” continues Gaster.

William Cellich, CISSP (Certified Information Systems Security Professional) and President of the South Florida Chapter of the Information Systems Security Association (ISSA) heads up CIT’s Security Practice and adds his comments. “What happens with SSL and Open SSL is that there is a trust established between servers. Servers communicate a cryptography key between them to establish and keep secure communications” says Cellich. “With the flaw in Open SSL, once the trust has been established, a malicious user can ask the host server for a string of the last x numbers of characters it has received. Since a “trust” has been established, the host server gives this information, which can include user names, passwords, bank information, credit card information and anything else that has been communicated” Cellich continues.

Companies that have been affected (and have admitted it so far) include: Google (including Gmail), Yahoo (including Mail and Finance), Amazon Web Services, GoDaddy, Facebook, Instagram, Pinterest, Tumblr, Flickr and many others.

“Fortunately, most businesses that CIT manages maintain proper security protocols and do not share corporate data thru services like those affected” says Gaster. “We do, however, see many companies that allow business communications thru services like Gmail, GoDaddy and others and it is imperative that they keep a close eye on what exposure they have. You will note the absence of Microsoft and their products from this list” Gaster continues. “The networks that we design and manage are on a Microsoft Platform so their business communications are safe. All companies should take immediate steps to make sure that they do not allow communications outside of what their Corporate Governance allows and IT needs to make sure these policies are followed.”

About CIT
Corporate Information Technologies, Inc. has been providing reliable information technology services to our valuable clientele in South Florida for over two decades. CIT works with businesses to develop strategies to optimize performance and productivity. Their services include network design, website development, continuity and disaster recovery, as well as computer repairs and various security services. They strive to predict changing needs of businesses and be prepared before a problem arises.