Bad news for those who thought the worst of the Heartbleed bug was already behind us. Security researchers are warning this problem isn’t going away overnight. In fact, expect it to keep creeping up for several months. 

Security experts at Secunia have rated the OpenSSL flaw, which opened the door to snooping on all kinds of devices, 9 out of 10 on the company's vulnerability scale. The widespread flaw can affect:

Each app and service needs to be fixed individually, and as Secunia’s head of research told The Register, that’s no small undertaking.

Scope of the problem

The problem is that with so many different products affected, vendors are playing catch-up. Some haven’t even admitted to being affected by the flaw, for fear that announcing it before they have patches available will open them up to opportunistic attackers.

On the other hand, because attacks that exploit this flaw are undetectable, it’s entirely possible these services are already under attack without anyone even knowing about it.

In short: It’s a mess.

Best bets

You’ve probably heard all the advice getting users to change passwords. Heed it. It’s good advice.

Beyond that, you may want to reach out to vendors to find out whether they:

  • are looking into the matter
  • know of active attacks
  • have been found to be safe, or
  • have already released a patch.

They may not be announcing this information publicly. But if you want to find out, a direct confrontation may be the best approach.

Finally, don’t forget to do some research on your own. Even the biggest vendor announcements can get quietly lost in the shuffle. Running regular Google News searches for the applications you use is better than nothing.

Hackers will be acting fast on whatever information they learn about vulnerabilities. You’ll want to act just as fast to protect your systems.

