The board chairman at Codenomicon, Howard Schmidt, is not only a data security expert but also an avid Harley-Davidson aficionado.

Codenomicon, a Finnish data security firm credited with the recent discovery of a major data security vulnerability, has ties with the most influential cyber-security organisations in the world. Helsingin Sanomat believes the clients of the originally Oulu-based firm have included the National Security Agency (NSA), the United States Department of Defense and the Nato Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia.

Last summer, Codenomicon revealed that roughly a quarter of its revenue stems from the defence sector.

On Monday, Codenomicon announced the discovery of the so-called Heartbleed bug, a data security vulnerability in the popular encryption protocol OpenSSL. The discovery of the bug was reported virtually concurrently by the software developer Google.

Codenomicon looks for security flaws in the systems of its clients with its patented Attack Simulation Engine.

Analysts at Codenomicon also made a ground-breaking discovery in 2002, catching the attention of Howard Schmidt, a cyberspace security advisor for the administration of President George W. Bush. Schmidt was named a board member at Codenomicon in 2008 and is currently the board chairman at the data security firm. In 2009, he was appointed as the chief computer security advisor to President Barack Obama.

- The so-called Heartbleed bug was detected in the popular security protocol OpenSSL, which is used to encrypt passwords and online transactions.

- The bug was created unintentionally back in 2012 but is not believed to have been exploited.

In theory, the data security bug discovered this week enables infiltrators to access sensitive data on servers, such as user credentials, passwords and credit card details.

Kauto Huopio, a chief specialist at the cyber-security division of the Finnish Communications Regulatory Authority, says that Finnish providers of online services have patched up the vulnerability promptly. He estimates that within 24 hours of the announcement, the number of vulnerable services had declined by roughly three-quarters.

Internet users are advised to change their passwords after online services have plugged the security hole.

Laura Halminen, Juhani Saarinen – HS
Aleksi Teivainen – HT
Photo: Juha Metso