"Heartbleed vulnerability" impacts websites, threatening Internet user privacy and corporate security

(email helpline now available at Heartbleed.ca)

TORONTO, April 8, 2014 /CNW/ - A security advisory for the Internet's most popular encryption library warns of a simple software bug that has the potential to impact the privacy and security of countless numbers of Internet users and companies. Malicious attackers could use the so-called "Heartbleed bug" to easily steal server encryption keys, usernames, passwords, instant messages, personal emails, transactions and sensitive business information from most of the world's Web servers running the vulnerable software called OpenSSL.

"Anyone can conduct a simple search that immediately yields tens of thousands of vulnerable servers but the number of vulnerable servers is much larger based on the popularity of this software" according to Claudiu Popa, Principal Risk Advisor at Informatica Corporation, a Canadian provider of standardized security testing and independent risk assessments.

Companies have multiple immediate challenges:

  1. mobilizing the qualified resources to correct the issue
  2. ensuring that no systems/platforms are overlooked
  3. avoiding business interruptions during system upgrade/testing
  4. independently verifying the effectiveness of remediation efforts
  5. notifying users, partners, clients and other stakeholders

Although a patch has been released, many companies will face challenges in updating the affected software and firmware running on diverse operating systems and networked appliances. Google Security and Finland's Codenomicon initially reported the Heartbleed bug in OpenSSL software which has reportedly gone unnoticed since 2011. Unfortunately attacks are undetectable and can be launched without any need for special credentials or privileged information.

Informatica offers an email hotline staffed by certified security professionals to help Canadian organizations remediate or schedule an independent review: Verify@Heartbleed.ca. Also available is a free checklist of remediation steps.

About the company:

Established in 1989, Informatica is Canada's first security assurance-as-a-service company, specializing in standards-based, independent privacy and security vulnerability assessments and information technology audits.

Informatica's fully-customizable assessment process is used nationwide for auditable verification of systems, policies and applications. Savvy organizations use the Verify™ seal and Statement of Trust™ to demonstrate compliance, leadership and due care. [http://Bit.ly/GetVerify]

Reviews and pre-audit assessments for PIPEDA, PHIPA, CASL, PCI-DSS 3.0, ISO 31000, ISO 27000, PIPEDA, PHIPA, Bill198 conducted by certified security professionals and Risk Advisors.

SOURCE Informatica Security Corporation

For further information: Claudiu Popa, CEO, Informatica Corporation, email: Soundbites@SecurityandPrivacy.ca, www.SecurityAssessments.ca,Twitter:@datarisk, 1 Yonge St. Toronto, Canada, 416-431-9012