2014 was the year of cyber-security mega-vulnerabilities. What makes mega vulnerabilities unique are they strike at the core of the Internet infrastructure and can impact nearly every connected device and every Internet user on the globe. 2014 saw the emergence of three mega-vulnerabilities Hearbleed, Shellshock, and POODLE.
Heartbleed, Shellshock, and POODLE were the top three major web vulnerabilities uncovered in 2014 according to Fred Donovan at FierceITSecurity. In case you have not heard of this trio of troublemakers, Web security firm Incapsula produced the following infographic.
The Incapsula infographic looks at each of these vulnerabilities and layout when they were discovered, what type of vulnerability they are, what systems and the number that are affected, the risks posed by the vulnerabilities, their severity, how easy they are to exploit, and the difficulty of fixing. Tim Matthews, vice president of marketing for Incapsula wrote in their blog:
What makes these mega vulnerabilities special is that unlike most vulnerabilities that are specific to a particular OS, browser or software application, these three relate to the core Internet infrastructure (e.g., SSL and Linux devices) and, in essence, affect just about every connected device owner and every Internet user on the globe.
rb-
In their blog, Incapsula warns this is the tip of the iceberg of mega-vuln‘s that exploit other structural core functions of the Intertubes. Wired reports that after 8 months, 300,000 machines remain unpatched against Heartbleed.
Related articles
- Web Freedom Is Seen as a Growing Global Issue (cacm.acm.org)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.