Heartbleed may expose SA financial information

2014-04-15 10:25
John Miller of Trustwave says that the Heartbleed bug presents a real threat to South African consumers' financial information. (Trustwave)

John Miller of Trustwave says that the Heartbleed bug presents a real threat to South African consumers' financial information. (Trustwave)

Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Cape Town - South African consumers may have had their personal financial information exposed as more details of the Heartbleed bug become apparent, says an expert.

Heartbleed has caused panic among computer security experts, particularly because it is unknown how long the bug may have been exploited to steal encrypted data.

"Heartbleed exposes sensitive data from servers, and in some cases, clients performing SSL-based encryption. That sensitive data could include users' passwords, payment card information, or session identifiers allowing attackers to assume control of a user's account," John Miller, Trustwave Security Research manager told News24.

Trustwave is a security company that specialises in helping organisation fight cybercrime by, among other things, conducting ethical intrusions and monitoring to ensure data fidelity.

Some have argued that despite the vulnerability, the threat is diminished because hackers can only extract small bits of information in an attack.


Miller dismissed this, saying that there were factors that could still make an attack effective.

"Although the attack only reveals a small portion of memory, it can still reveal these sensitive details. Furthermore, the attack is stable - it does not cause the server to crash - which allows an attacker to run it repeatedly. The memory exposed during each attack request can be combined to gain greater context."

Heartbleed exposes a vulnerability in OpenSSL which is used to transmit encrypted data. When you type in "https" in a browser, you expect that the website is secure, but the bug means that hackers could theoretically compromise your financial information.

The flaw allows hackers to steal bits of information from the memory on computers. Though the data packets are small, passwords, logons and credit card numbers are not typically large files.

Miller said that it was unknown how long the bug could have been used to steal information.

"The vulnerability has been present in OpenSSL releases since March of 2012, leaving plenty of time for advanced adversaries to have discovered and abused it.

"Without widespread awareness of the issue there was little reason for anyone to track the types of requests that would have indicated an attack was underway," he added.

- Follow Duncan on Twitter
Read more on:    trustwave  |  cybercrime

Join the conversation!

24.com encourages commentary submitted via MyNews24. Contributions of 200 words or more will be considered for publication.

We reserve editorial discretion to decide what will be published.
Read our comments policy for guidelines on contributions.

24.com publishes all comments posted on articles provided that they adhere to our Comments Policy. Should you wish to report a comment for editorial review, please do so by clicking the 'Report Comment' button to the right of each comment.

Comment on this story
Comments have been closed for this article.

Inside News24

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.


Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.

Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.