Posted by: Michael Tidmarsh
The IT world (and the world in general) has been abuzz over the Heartbleed bug that may have affected over 500,000 Internet sites. To help you keep up with all the news, information, and fallout from the bug, we’ve gathered all the crucial information you need to know about Heartbleed.
What’s this all about?
- OpenSSL vulnerability ‘Heartbleed’ may have exposed encrypted traffic – The researchers who discovered the ‘Heartbleed’ OpenSSL vulnerability say it could have exposed encrypted Internet traffic for millions of systems.
- ‘Heartbleed’ bug strikes, personal identifiable information bleeds out – It’s not just about websites; Heartbleed could affect all sorts of systems, from cable boxes to IT equipment (and they could’ve been vulnerable for more than two years).
Who’s been affected so far?
- Mumsnet becomes first known UK victim of Heartbleed bug – The parenting website Mumsnet became the first known UK victim of the Heartbleed bug after the site believed hackers could steal passwords and messages from its 1.5 million users.
- Cisco and Juniper warn of products hit by Heartbleed bug – Cisco and Juniper have issued security bulletins warning that some of their products are vulnerable to the Heartbleed bug.
- Canada Revenue agency reports Heartbleed data theft – The Canada Revenue Agency reports that attackers exploiting the Heartbleed bug have stolen the social insurance numbers of 900 Canadians from the agency’s website.
- The Heartbleed OpenSSL vulnerability may pose risk to Android users – Millions of Android devices may be vulnerable to the bug, but experts say the actual risk to Android users remains unclear at this stage.
What has been done to respond?
- The Heartbleed genie is out of the bottle – now what? – Now that the details of Heartbleed are public, anyone can use it against vulnerable servers. What should be done?
- Heartbleed repairs threaten to cripple the Internet – The internet could slow to a crawl as companies scramble to fix the Heartbleed bug, security experts warn.
- ‘Heartbleed’ OpenSSL vulnerability: A slow-motion train wreck – As organizations continue their efforts on repairing the “Heartbleed” OpenSSL vulnerability, one security expert believes the extent of the damage done won’t be known for quite some time.
- Heartbleed denial reveals loophole for NSA spying – Even though the NSA has denied allegations that it knew of or exploited the Heartbleed bug, government officials revealed a loophole that would allow for such actions.
- Both attackers, researchers exploit Heartbleed OpenSSL vulnerability – Proving the Heartbleed OpenSSL vulnerability can be exploited in the wild, two organizations say attackers have used it to glean sensitive data.
- Tests prove Heartbleed bug exposes OpenVPN private keys – More exploits confirmed, this time with VPN servers running the OpenVPN application.
What do you think? Share your thoughts in the discussions below:
- What is your organization’s plan to defend against the wide-ranging Heartbleed OpenSSL vulnerability?
- Why did it take researchers so long to find the bug?
- Is the Heartbleed bug an augur of Internet security troubles to come?