Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters

"Heartbleed lets an adversary look through the window of a house and gather information based on what they see," said Geffner, using an analogy. "Venom allows a person to break into a house, but also every other house in the neighborhood as well."

Geffner said that the company worked with software makers to help patch the bug before it was publicly disclosed Wednesday. As many companies offer their own hardware and software, patches can be applied to thousands of affected customers without any downtime.

Now, he said, the big concern is companies that run systems that can't be automatically patched.

To take advantage of the flaw, a hacker would have to gain access to a virtual machine with high, or "root", privileges on the system. Geffner warned that it would take little effort to rent a virtual machine from a cloud computing service to exploit the hypervisor from there.

"What an adversary does from that position is dependent on the network layout," said Geffner, indicating that a datacenter takeover was possible.