Privacy Monday - April 14, 2014: Heartbleed Headaches
Last week was certainly the "week of the Heartbleed." Unless you have been on vacation on a remote island (and if so, good for you!), you have heard and read much about the latest mass bug to infect the Internet.
If you do not know whether your servers are affected by Heartbleed, or have decided not to do anything about it, perhaps you should consider the potential for future liability arising out of breaches that could have been avoided by patching OpenSSL, and you may want to read this, and forward it to your C-suite.
If you have already checked your servers and feel relieved, you may want to check with other providers in your technology stack. For example, Cisco and Juniper Networks were scrambling last week to notify customers and issue patches for products and software. Cisco and Juniper said the security flaw affects routers, switches and firewalls often used by businesses. That means hackers might be able to capture usernames, passwords and other sensitive information as they move across corporate networks, home networks and the Internet. Cisco created an Event Response Page and Juniper has an "Out of Cycle Security Bulletin."
Rather than our usual "bits and bytes" on this Monday, below is a collection of articles on Heartbleed.
- Heartbleed - Codenomicon
- Heartbleed - Schneier on Security
- Digital heart attack - The Economist
- Heartbleed bug puts the chaotic nature of the Internet under the magnifying glass - The Washington Post (tiered sub.)
- Retailers Sending Mixed Messages in Wake of 'Heartbleed' Bug Scare - ABC News
- Massive OpenSSL Bug 'Heartbleed' Threatens Sensitive Data - The Wall Street Journal (sub. required)
- Ecommerce Sites Warn Sellers About The Heartbleed Bug - Pymts.com
- Heartbleed portends larger security threats - The Washington Post (tiered sub.)
And Mashable has a great piece with a matrix of sites and whether you should change your password just yet.
Messaging to customers and site users is important and should be well coordinated among technical, communications, and legal teams. Inaccurate, late to the party, or misleading messaging could lead to Heartbleed headaches.