The recently discovered “Heartbleed” bug is the type of bug that security experts often discuss in the context of doomsday scenarios but never truly want to experience. The bug isn’t platform-specific (unlike, e.g., the Windows “fixes” of Patch Tuesday); it targets the very fabric of secure communications across the Internet and all of the “things” that communicate across it.
At its most fundamental level, the flaw allows information to be stolen from SSL/TLS-encrypted communications, and that encryption is a core security requirement that all business and security executives agree upon without lengthy discussion. Think of it like breathing: an action that is critical to our nature but that we don’t consciously think about.
So, how does this new Internet bug impact businesses, consumers, and the average Internet user? In the simplest of terms: passwords, credit card information, private communications, intellectual property discussions, and personally identifiable information, to name a few, could be available to nefarious actors as a result of this most recent exploit discovery.
This bug is massive in scope and is no longer a fictional doomsday scenario contained within the boundaries of security pontificators. This is real, this is happening now, and as I write this I am overwhelmed by how many family members I will need to help convince to change their passwords for online mail, preferred shopping sites, etc. I can only imagine how CISOs are feeling this morning, knowing that the Internet-connected ecosystem they thought was secure just a few days ago may very well be exposed through an attack vector they thought was a foundational security protection layer.