Jump to content


Google slaps Heartbleed tourniquet on most key services

  • Please log in to reply
No replies to this topic

OFFLINE   sincity


    Advanced Member

  • Members
  • PipPipPipPip
  • 2980 posts
Getting Better
Google slaps Heartbleed tourniquet on most key services

It's likely to be a long week for IT professionals dealing with the aftermath of Heartbleed, the OpenSSL security flaw discovered earlier this week - but Team Google appears to have a good handle on it for now.

The Google Online Security Blog today announced patches to many key Google services affected by Heartbleed, the security bug discovered Monday that potentially allows for theft of data typically protected by SSL/TLS encryption.

"We've assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, and App Engine. Google Chrome and Chrome OS are not affected," explained Google Product Manager Matthew O'Connor in a blog post Wednesday.

The company's security experts are still working to patch "some other Google services" affected by CVE-2014-0160, the official name for the OpenSSL flaw which has been dubbed "Heartbleed."

Android immunity

Google's security team also made it clear today that the Android operating system is largely immune to Heartbleed, with the exception of Android 4.1.1, although the company is already distributing a patch to partners for that version.

Google Cloud Platform and Google Search Appliance customers are also having Heartbleed purged from their services, with an update on the latter expected to arrive within 24 hours for enterprise customers.

Security engineers are also currently busy patching Cloud SQL, with fixes expected to roll out Wednesday and Thursday; in the meantime, Google has posted instructions on how to whitelist IP addresses to prevent unknown hosts from accessing them.

Although many companies are encouraging users to reset their passwords, security experts recommend waiting until fixes are in place to eradicate the Heartbleed flaw; the status of any domain name can be checked absolutely free from the Qualys SSL Labs website.

Also tagged with one or more of these keywords: google

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users