Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)
Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Gamified Intelligent Cyber Aptitude and Skills Training (GICAST)

2.5 Tracking a moving target

Described image
Figure _unit9.2.6 Figure 13

Security is an ever-changing topic. New technologies are always being introduced and they bring new risks, or allow old threats to resurface in a new form.

Old technologies are retired by manufacturers, potentially leaving their users exposed to danger as bugs and security weaknesses remain unaddressed. And there are new threats being discovered every day, as the Heartbleed bug shows only too well.

In April 2014, news broke about a serious bug that affected at least half a million websites. Called ‘Heartbleed’, the bug affects a program used by web servers to establish secure connections for web browsers so that financial or personal information can be safely exchanged over the internet. Heartbleed is a fault in OpenSSL’s heartbeat function which is usually used by the computer on one end of an SSL connection to check that the remote computer is still connected. However, the bug allows a fake heartbeat message to return a copy of the contents of a chunk of the server’s memory which could include the site’s certificates (used to prove the site is genuine), unencrypted user passwords, credit card numbers or other personal information.

The Heartbleed bug was introduced into a version of OpenSSL released in early 2012 and was present in all versions of the software until April 2014. For more than two years Heartbleed was present on a huge number of websites, including those of very large organisations such as Yahoo!, the photo sharing site Flickr (owned by Yahoo!) and the slate.com news site, during which it created a security risk for all users.

To the best of our knowledge, Heartbleed was discovered by two groups of researchers, including people at Google, who, as is typical for computer security, worked with the designers of OpenSSL to fix the problem before a public announcement of the bug. However, it is entirely possible these weren’t the first people to find Heartbleed and it might have been known to criminals for some time.

At the time of writing, the effects of Heartbleed are still not known. So far, thousands of developers all around the world have been checking and updating web servers, creating new security certificates and in some cases asking all users to change their passwords. Even if no crime is ever committed as a result of Heartbleed it will have cost a huge amount of money to fix.

CYBER_B2

Take your learning further371

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses372.

If you are new to university level study, we offer two introductory routes to our qualifications. Find out Where to take your learning next?373 You could either choose to start with an Access courses374or an open box module, which allows you to count your previous learning towards an Open University qualification.

Not ready for University study then browse over 1000 free courses on OpenLearn375 and sign up to our newsletter376 to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371