This just keeps getting worse. The Heartbleed bug is already considered one of the biggest threats the Internet has ever seen, and now looks to be even worse than first thought. Even the Department of Homeland Security has issued a statement about Heartbleed, essentially to say, "We're on top of it." Which they are, kind of.
Posted by the DHS's National Cybersecurity & Communications director Larry Zelvin, the statement details the many, many internal teams that are responding to the crisis. It's eye-opening that so many DHS internal teams are dedicated to cyber issues alone, and it's comforting for us to know what we should be doing in response.
According to the statement:
While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems.
Then, Mr. Zelvin calls on the public to do its part in "ensuring our nation’s cybersecurity." To make it easier for us, some of whom are cybersecurity neophytes — myself included — the Department listed some important tips for protecting cybersecurity and information online.
- Many commonly used websites are taking steps to ensure they are not affected by this vulnerability and letting the public know. Once you know the website is secure, change your passwords.
- Closely monitor your email accounts, bank accounts, social media accounts, and other online assets for irregular or suspicious activity, such as abnormal purchases or messages
- After a website you are visiting has addressed the vulnerability, ensure that if it requires personal information such as login credentials or credit card information, it is secure with the HTTPS identifier in the address bar. Look out for the “s”, as it means secure.
For now, companies and government agencies continue to scramble to determine which products are vulnerable. Though experts advise you to avoid using any device with the vulnerable software in it, they offer a bit of reassurance: It would take a lot of effort for a hacker to extract any useful data off of your iPhone. Which is, um, reassuring...