BELMONT, Calif.--(BUSINESS WIRE)--Defense.Net, the only company designed to mitigate the increasing scale and sophistication of modern Distributed Denial of Service (DDoS) attacks, today released statements from the company’s founder, Barrett Lyon, on the “Heartbleed” vulnerability announced last night that has exposed more than half a million websites and may be one of the most catastrophic bugs in secure computing history.
Lyon, whose pursuit of hackers operating as part of the Russian mob was chronicled in the best-selling book Fatal System Error, and who created what is now the $1 billion DDoS mitigation industry more than 10 years ago, noted the following:
- “Unless an OpenSSL implementation has been patched, anyone can remotely view 64K chunks of memory. Said another way, whatever was left behind in the memory of the vulnerable server… becomes public data… This could be passwords, accounts, personal data, and the SSL private keys of the server itself! To give you an idea of how big of a problem this is, this software is used in everything from web sites, VPNs, specialized networking equipment, email communications, phone apps, you name it.”
- “Whether or not this is a bug or an intentional addition is all speculation at this point and it’s been in the software for over two years, exposing anyone using OpenSSL.”
- “To make matters worse, once the bug has been patched globally, it’s highly likely that every SSL certificate that has been on an exposed server will have to be re-issued creating an absolute logistical and security nightmare. The cost of replacing half a million SSL certificates could range in the several hundreds of millions of dollars and it’s unclear when this can or will happen.”
- “But there is an immediate solution that has already been protecting millions of websites from Heartbleed. A side benefit of Defense.Net’s DDoS mitigation is a better and more protected network. In the process of cleaning up invalid bots and removing attack traffic, Defense.Net’s DDoS mitigation also validates legitimate network protocols against illegitimate ones. This is achieved through a process where on one layer of our network we create a proprietary SSL/TLS implementation, and on another layer of our network we monitor and block the behavior of traffic that attempts to exploit the Heartbleed bug.”
More details can be found on Lyon’s blog (http://www.blyon.com/), which will be updated as more is uncovered about this vulnerability.
Founded by Barrett Lyon, who created the Distributed Denial of Service (DDoS) attack mitigation industry more than 10 years ago, Defense.Net has combined the top minds in the DDoS space with breakthrough new technologies designed to effectively address today’s and tomorrow’s DDoS mitigation challenges. It is the only company to defend businesses and organizations against this new generation of massive and sophisticated DDoS attacks while delivering the highest levels of Internet application performance – two areas where legacy DDoS mitigation services have not been able to match the modern strategies of today’s cyberattackers. With increasing threats from the escalating scale and complexity of DDoS attacks and a growing number of antagonists willing to use them, Defense.Net protects organizations from modern attacks by providing end-users with a seamless experience as if no attack were occurring. The company has raised more than $9.5M in debt and equity financing with investors that include visionary security and Internet investor Bessemer Venture Partners (BVP).