Essential Guide

Managing information security amid new threats: A guide for CIOs

A comprehensive collection of articles, videos and more, hand-picked by our editors

'Heartbleed' bug strikes, personally identifiable information bleeds out

Searchlight: OpenSSL's 'Heartbleed' spills personally identifiable information; how to be a better CIO; a new twist on packing tape; and more.

Ever find yourself daydreaming (or nightmare-ing) about the demise of the Internet? Life without Google Maps, Wikipedia, online banking, texting over Wi-Fi … without your company's website? Welcome to the day-and-nightmare of the "Heartbleed" bug.

This week, as headlines 'round the world announced, a defect was discovered in one of the Internet's key security methods, OpenSSL, forcing two-thirds of all websites -- that probably means yours -- to consider changes to protect the security of consumers. The so-called heartbeat protocol -- responsible for encrypting online sessions and connecting consumer devices in homes, offices and industrial settings to websites -- is now tainted by the Heartbleed bug.

The information leaked from Heartbleed varies on a case-by-case basis -- as does the advice on how to respond to it. Security experts initially advised consumers to wait for sites to announce that they have dealt with the issue before rushing to change their passwords. That is not the case for IT leaders, who are advised to assume their companies' systems have been infected. Highest priority should be given to systems open to the Internet.

Emily McLaughlin

If you are not already in a sweat over Heartbleed, consider this: MIT Technology Review reported that the bug could live on for years in devices that are infrequently updated. Here are some devices susceptible to the bug (basically anything compiled with a version of OpenSSL between December 2011 and April 8, 2014, is susceptible):

♡ Cable boxes and home Internet routers

♡ Enterprise-grade network hardware

♡ Industrial and business automation systems

♡ IT equipment and traffic control systems

♡ Email servers

♡ Client software

♡ Long list of websites (via GitHub), including Yahoo!, Flickr, Imgur and Eventbrite

CIOs can point their users to any number of articles explaining the vulnerability, from Paul Ducklin's Anatomy of a data leakage bug for the tech-savvy, to the New York Times Bits blog's coverage of the heartbeat security bug, to Mashable's depressing "what's next" proposals. (Hint: There are no winners, only millions of losers.) And to ease your heartburn from Heartbleed, we also offer some choice pieces on CIO advice, a couple of cool new inventions, and tips for capitalizing on real-time analytics.

  • After you're done learning about OpenSSL vulnerabilities, read about the five lessons CIOs can adapt from their CIO peers at tech companies to spruce up their IT strategy and executive cred.
  • Romy and Michelle may have wished they invented Post-it notes, but we're wishing we thought of this ingenious packing tape idea or the first all-solar plane to fly around the world.
  • Brace yourself for the new Twitter design. The update -- featuring newfangled profile looks and tools resembling Facebook Pages -- aims to make Twitter more user-friendly for less-frequent Twitter users. What do our big tweeters think about that?
  • Are your real-time analytics coming up with brilliant business breakthroughs -- but the business can't get out of its own way to act on them? Michael Schrage, a research fellow at MIT Sloan School's Center for Digital Business, tells CIOs why changing behaviors is key to keep analytics from failing.

Previously in Searchlight, HFT wolf terrorizes Wall Street and Microsoft caves, Office goes on iPads. Let us know what you think about the story; email Emily McLaughlin, associate site editor.

This was first published in April 2014

Related Discussions

Emily McLaughlin asks:

Is the Heartbleed bug (two years unnoticed) an augur of Internet security troubles to come?
