eScan's Online Solution for Heartbleed Bug Launched
Bangalore: eScan has launched an online tool to identify the latest vulnerability, Heartbleed bug, which has been ravaging the cyber world. eScan, one of the leading Anti-Virus & Content Security solutions for Desktops & Servers is developed and marketed by MicroWorld. It provides protection from current threats as well as proactive protection against evolving threats combining the power of various technologies. eScan provides Multi-level Real-time Protection to Computers and Networks.
The Heartbleed bug which was disclosed on April 7 2014 is capable of scraping a server's memory and has been in existence on the Internet for the past two years. It allows hackers to exploit a flaw in the OpenSSL encryption software used by a majority of major websites to steal data.
"Users are likely to be affected either directly or indirectly. Hackers are using smart social engineering tricks more and more often on popular social sites, company's site and commercial sites. Hence, our newly launched online tool makes it easy for IT users to enjoy safe internet browsing and have a secured computing experience," says Govind Rammurthy, MD & CEO, eScan.
The Heartbleed bug, basically takes advantage of OpenSSL encryption software, which is in standard use by many websites and while browsing an SSL site, the secured site is designated by the small padlock symbol, however not all web servers have deployed OpenSSL.
A new protocol was introduced to the TLS/DTLS allowing the usage of keep-alive functionality without performing a renegotiation. When messaging back and forth on a secure connection, sometimes computer wants to check the other computer’s availability. This cross checking is done by sending a small packet of data, called ‘Heartbeat’. The Heartbleed bug flaw allows hackers to use a fake packet of data, which tricks the computer into responding with arbitrary data stored in the memory by OpenSSL.
The tool can be accessed at www.escanav.com. By simply typing a particular website address into the box displayed in the tool, the safety of the given website could be revealed.
|