Parting Thoughts

OFFICIAL MARINE PARTS EXPRESS BLOG

 
  • About Marine Parts Express
  • Contact Us
Menu
  • About Marine Parts Express
  • Contact Us
  • The Heartbleed Bug

    Brian, our security guru, immediately confirmed that Marine Parts Express was protected from this bug and that our systems were and are secure.

    Below is an article published in “Fermilab Today” written by Irwin Gaines that is one of the best and most comprehensible explanation on how Heartbleed worked.

    Software is never completely free from bugs. Occasionally, a seemingly trivial bug can have far-reaching consequences. The Heartbleed bug in OpenSSL, which has gotten much media attention recently, is an example.

    OpenSSL stands for open secure socket layer. This widely used set of software enables websites that might be collecting sensitive information to reliably identify themselves. This helps assure customers that they are dealing with those they think they’re dealing with. It also provides secure encryption of data sent over the Internet so it cannot be “overheard” by electronic eavesdroppers.

    OpenSSL allows outsiders to query an OpenSSL server to ensure it is functioning. The sign that it is indeed functioning is called a heartbeat. The heartbeat response is a small piece of data sent from the server back to the user who initiated the query. However, a programming error left the data size of this query unchecked. Consequently, hackers could request a very long response that included whatever happened to be sitting in the server’s memory when it responded to the query.

    By making many queries, a hacker can accumulate large amounts of sensitive information — supposedly secret information, such as passwords or credit card numbers — that customers sent to the OpenSSL server and, more importantly, the secret key that the server uses to identify itself to customers and to encrypt data. Possession of the secret key allows a hacker to eavesdrop on an encrypted conversation and create a website that masquerades as the real site from which the secret key had been stolen.

    This sounds pretty scary, but in reality, although this bug has been present in one version of OpenSSL software for almost two years, there is no evidence that hackers were trying to exploit it before it was discovered a few weeks ago. A study from Lawrence Berkeley National Laboratory concluded that no attempts had been made to use this bug on any of their OpenSSL servers for the three months prior to its discovery. Furthermore, the secret key, the most dangerous piece of information that might be stolen, is not present in the server’s memory except right after the server is rebooted, so they are not easy to capture. Most commercial vendors were not using any vulnerable versions of OpenSSL, and sites that were vulnerable quickly patched their servers. The most sensitive systems changed their secret keys just in case.

    At Fermilab, any servers that had been susceptible have since been patched, and they were not collecting any sensitive information anyway. Functions such as email, SharePoint, Fermilab Time and Labor, ServiceNow and VPN were never vulnerable.

    This is yet another reminder that the Internet is a dangerous place. You must constantly be alert. Perhaps the biggest danger associated with Heartbleed is spam email pretending to be from some service that has supposedly been affected by the bug. As always, be extremely suspicious of any email message that asks you to enter a username and password for any reason.

    —Irwin Gaines


    Comments? Questions? Suggestions for topics for our blog or newsletter? Send them to
    info@marinepartsexpress.com.

    Marine Parts Express is a division of Water Resources, Inc., a privately held Maine Corporation.

    For all your marine engine parts needs, call us toll free at 877.621.2628, or outside the U.S. at 207.882.6165.

    Share this:

    • Click to share on Twitter (Opens in new window)
    • Click to share on Facebook (Opens in new window)

    Related

    April 29, 2014 / JD Neeson / 0

    Categories: JD Neeson, Technology, The MPE Crew

    Tags: brian sutter, heartbleed, marine parts express security

    Things I Found While Looking For Something Else – Part V OMC and Volvo Penta Ignition Module (Part No 3854077)

    Leave a Reply Cancel reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

Categories

  • Birds
  • Boating and Fishing
  • Books
  • Economy
  • JD Neeson
  • Musings
  • Nature
  • Noreen O'Brien
  • Stacy Lash
  • Technology
  • The Express
  • The MPE Crew
  • Uncategorized
  • Volvo Penta Service Bulletins

Archives

  • January 2017
  • October 2016
  • September 2016
  • August 2016
  • May 2016
  • November 2015
  • July 2015
  • February 2015
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • December 2012
  • November 2012
  • August 2012
  • May 2012
  • April 2012
  • February 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • May 2010
  • April 2010
  • March 2010
  • December 2009

Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org
 

Archives

  • January 2017
  • October 2016
  • September 2016
  • August 2016
  • May 2016
  • November 2015
  • July 2015
  • February 2015
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • December 2012
  • November 2012
  • August 2012
  • May 2012
  • April 2012
  • February 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • May 2010
  • April 2010
  • March 2010
  • December 2009

Categories

  • Birds
  • Boating and Fishing
  • Books
  • Economy
  • JD Neeson
  • Musings
  • Nature
  • Noreen O'Brien
  • Stacy Lash
  • Technology
  • The Express
  • The MPE Crew
  • Uncategorized
  • Volvo Penta Service Bulletins

Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org

Tag Cloud

    american goldfinch bird feet configuration Birds blue jay brown creeper cardinals China debt Downy Woodpecker Economy ethanol flame arrester flame arrestor gear ratios hermit thrush hummingbirds low flow lubricants Lytro magnetic alignment magnifying glass magnolia Maine maine authors maine golf maine hunting camp maine winter manufacturing Margaret Graham Neeeson Margaret Graham Neeson Marine Parts Express mercruiser oriole osprey overheating propeller prop sizes Ruby-Throated Hummingbird sail drive service bulletin The Skipper volvo volvo penta wild turkey Winter

Pages

  • About Marine Parts Express
  • Contact Us

Categories

  • Boating and Fishing
  • Books
  • Economy
  • Musings
  • Nature
    • Birds
  • Technology
  • The Express
  • The MPE Crew
    • JD Neeson
    • Noreen O'Brien
    • Stacy Lash
  • Uncategorized
  • Volvo Penta Service Bulletins

Copyright © 2016 Parting ThoughtsTheme created by PWT. Powered by WordPress.org