
'Heartbleed' bug strikes, personally identifiable information bleeds out

Searchlight: OpenSSL's 'Heartbleed' spills personally identifiable information; how to be a better CIO; a new twist on packing tape; and more.

Ever find yourself daydreaming (or nightmare-ing) about the demise of the Internet? Life without Google Maps, Wikipedia, online banking, texting over Wi-Fi … without your company's website? Welcome to the day-and-nightmare of the "Heartbleed" bug.

This week, as headlines 'round the world announced, a defect was discovered in one of the Internet's key security methods, OpenSSL, forcing two-thirds of all websites -- that probably means yours -- to consider changes to protect the security of consumers. The so-called heartbeat protocol -- responsible for encrypting online sessions and connecting consumer devices in homes, offices and industrial settings to websites -- is now tainted by the Heartbleed bug.

The information leaked from Heartbleed varies on a case-by-case basis -- as does the advice on how to respond to it. Security experts initially advised consumers to wait for sites to announce that they have dealt with the issue before rushing to change their passwords. That is not the case for IT leaders, who are advised to assume their companies' systems have been infected. Highest priority should be given to systems open to the Internet.

Emily McLaughlin

If you are not already in a sweat over Heartbleed, consider this: MIT Technology Review reported that the bug could live on for years in devices that are infrequently updated. Here are some devices susceptible to the bug (basically anything compiled with a version of OpenSSL from between December 2011 and April 8, 2014 is susceptible):

♡ Cable boxes and home Internet routers

♡ Enterprise-grade network hardware

♡ Industrial and business automation systems

♡ IT equipment and traffic control systems

♡ Email servers

♡ Client software

♡ Long list of websites (via GitHub), including Yahoo!, Flickr, Imgur and Eventbrite

CIOs can point their users to any number of articles explaining the vulnerability, from Paul Ducklin's Anatomy of a data leakage bug for the tech-savvy, to the New York Times Bits blog's coverage of the heartbeat security bug, to Mashable's depressing "what's next" proposals. (Hint: There are no winners, only millions of losers.) And to ease your heartburn from Heartbleed, we also offer some choice pieces on CIO advice, a couple of cool new inventions, and tips for capitalizing on real-time analytics.

  • After you're done learning about OpenSSL vulnerabilities, read about the five lessons CIOs can adapt from their CIO peers at tech companies to spruce up their IT strategy and executive cred.
  • Romy and Michelle may have wished they invented Post-it notes, but we're wishing we thought of this ingenious packing tape idea or the first all-solar plane to fly around the world.
  • Brace yourself for the new Twitter design. The update -- featuring newfangled profile looks and tools resembling Facebook Pages -- aims to make Twitter more user-friendly for less-frequent Twitter users. What do our big tweeters think about that?
  • Are your real-time analytics coming up with brilliant business breakthroughs -- but the business can't get out of its own way to act on them? Michael Schrage, a research fellow at MIT Sloan School's Center for Digital Business, tells CIOs why changing behaviors is key to keeping analytics from failing.

Previously in Searchlight, HFT wolf terrorizes Wall Street and Microsoft caves, Office goes on iPads. Let us know what you think about the story; email Emily McLaughlin, associate site editor.


Is the Heartbleed bug (two years unnoticed) an augur of Internet security troubles to come?
Seeing as this is just the latest (though probably most serious) in a line of security vulnerabilities, I assume it is pointing to more problems down the road. While each new issue points to the need to change the way security is managed (from both a personal and organizational standpoint), and inspires much hand-wringing, it doesn't often seem to lead to real changes in practice. I'd like to think that Heartbleed is what really wakes everyone up, but the likelihood is that it won't. 
Biggest security threats the Internet has ever seen. The bug has affected many popular websites and services -- ones you might use every day, like Gmail and Facebook -- and could have quietly exposed your sensitive account information, such as passwords and credit card numbers, over the past two years.