Wired have just released the 5 most dangerous software bugs in 2014 – 3 of which affect web security. Once again, web sites, web applications and web servers are the main source of concern for IT administrators trying to prevent unauthorised access from the internet.
The 3 most dangerous software bugs which challenged web security were of course the much talked about Heartbleed bug, Shellshock and POODLE. Heartbleed came to light in April, a server an OpenSSL bug which was estimated to affect 17% of all servers worldwide. While it was described as ‘catastrophic’ a patch was delivered very quickly allowing IT administrators to avoid any repercussions.
The next bug to be found was even bigger; Shellshock was announced in September but fortunately the patch had already been developed. However, the bug was still able to exploited by attackers, with millions of vulnerable computers being used to create botnets for DDOS attacks. As Bash is so widely used, millions of unpatched servers still remain vulnerable to attack.
The final major bug to come to light in 2014 was POODLE, which exploits the mechanism where websites and applications fall back to SSL 3.0, which also means a reduced level of security. This also came in September and unlike Heartbleed and Shellshock is less straightforward to patch. Therefore the resulting action has been for web application providers to remove support for SSL 3.0, Google have already removed it from their Chrome browser.
2014 was without a doubt the biggest year for web security so far, aside from these bugs some very high profile attacks took place; pictures were leaked, large retailers were hacked and even politically motivated attacks took place. All this has really brought web security to the attention of people worldwide; consumers will be more wary, CEOs will feel the pressure and hackers will be seen as having more power than ever.
Acunetix has been amongst the first to flag, support and detect vulnerabilities discovered in 2014. We’re ready to provide the same level of security defence in 2015.