Saturday, April 12, 2014

Heartbleed Bug



Even if you read a little about tech news, I doubt you may not have not heard the name Heartbleed bug. It has shaken the internet geeks! But what is this buzz all about?

What is a Heartbleed?

Heartbleed bug is a serious vulnerability in one of the implementation of SSL/TLS cryptography protocol which is OpenSSL. The scary thing is, OpenSSL is used by the 2/3 of the websites on the internet. And this bug went undetected for 2 years.

How serious is this bug?

Quoting the security expert Bruce Schneier,  
            "Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.

What is the risk?

This security bug can allow attacker to read arbitrary 64kb chunk of server memory. The vulnerability lets a hacker access up to 64 kilobytes of server memory, but perform the attack over and over again to get lots of information.  This allows the tracking the username, passwords and cookies. The Heartbleed bug is putting millions of passwords and credit card numbers at risk.

As reported by Mark Loman, he was able to see username and password in plaintext using this vulnerability.


What can I do to make sure I am secure?

If you have access to server, you will need to install latest OpenSSL patch. If you are just a user, you can do nothing until website / web server administrator has fixed the issue. Once the issue is fixed at sites, we recommend you to change your passwords ASAP. To check if the issues is fixed on  aparticular site, check : http://filippo.io/Heartbleed/ .

How do I know if I am not compromised?

Unfortunately, exploitation of this bug leaves no traces of anything abnormal happening to the logs as said on heartbleed.org . You won't find any abnormality in your log if you've been compromised.

Which famous sites were affected by this bug?

Being a most famous SSL implementation, this was being used by most of the website. Few of the famous sites allegedly affected are below:
·         Facebook
·         Instagram
·         Pinterest
·         Tumblr
·         Twitter
·         Google
·         Yahoo
·         Gmail
·         Yahoo Mail
·         GoDaddy
·         Intuit Turbo Tax
·         Dropbox
·         Minecraft
·         OkCupid
·         Stackoverflow

Monday, March 3, 2014

New Prescription Guidelines for Doctors In Maharashtra calls for much needed Standardization

The medical council and healthcare government bodies on Friday released guidelines for doctors to write prescriptions. The sweeping guidelines are a welcome relief and will help reduce errors. Also they give a push to using technology to better comply with these standards and improve overall patient care.  

The new guidelines include more information about the prescribing doctor, prescribed drugs and also patient information. Important parameters like the patients’ weight and age will help pharmacists also catch any errors at their end.

Prescription rules prepared by the Indian FDA on the basis of the Drug & Cosmetics Act suggest a uniform format, and advise writing or printing Drug Names in capital letters and also generic names of drugs as much as possible.

Using prescription software with basic patient information and pre-entered drug database will increase the doctor’s productivity in preparing such prescriptions and minimize errors during writing.

Below is the first look at the actual printed guidelines as shared with Doctors.