What is Heartbleed?
Heartbleed is a vulnerability within OpenSSL, a popular software product used by many websites and network devices to provide secure connections. The vulnerability exists due to a logic error within the OpenSSL code. This flaw allows criminals to access parts of a web server’s memory that may contain sensitive information.
How serious is this problem?
Very serious. The Heartbleed defect could expose information such as usernames and passwords, credit card information and other sensitive information that would be sent by the user to the website, network device or mail servers. Web technologies are present in devices that are not web servers, meaning you may have more at-risk technology than is immediately obvious. There is some indication that certain web browsers may be affected, although specifics are not yet known.
How KPMG can help
KPMG’s member firms have designed and implemented Cyber Security capabilities in some of the world’s largest corporations and assisted clients in handling complex security breaches. This insight provides our teams with a unique viewpoint on the building blocks for detecting and defending against cyber criminals. KPMG can assist in addressing the Heartbleed issue by:
- Assessing systems and networks for the presence of the vulnerability
- Performing forensic analysis of affected systems and supporting networks to identify indicators of abuse
- Analyzing the risk associated with compromised systems
For more information on Heartbleed, including a quick decision tree, on our related services and on whom to contact across Canada, please consult our Heartbleed Slipsheet.