Homeland Security Statement On 'Heartbleed' Bug Tries To Be Reassuring, Fails
This just keeps getting worse. The Heartbleed bug is already considered one of the biggest threats the Internet has ever seen, and now looks to be even worse than first thought. Even the Department of Homeland Security has issued a statement about Heartbleed, essentially to say, "We're on top of it." Which they are, kind of.
Posted by the DHS's National Cybersecurity & Communications director Larry Zelvin, the statement details the many, many internal teams that are responding to the crisis. It's eye-opening that so many DHS internal teams are dedicated to cyber issues alone, and it's comforting for us to know what we should be doing in response.
According to the statement:
While there have not been any reported attacks or malicious incidents involving this particular vulnerability at this time, it is still possible that malicious actors in cyberspace could exploit un-patched systems.
Then, Mr. Zelvin calls on the public to do its part in "ensuring our nation’s cybersecurity." To make it easier for us, some of whom are cybersecurity neophytes — myself included — the Department listed some important tips for protecting cybersecurity and information online.
While these updates and tips from the DHS are reassuring, recent discoveries about the Heartbleed bug are not. On Friday, security experts warned that the bug could threaten more than Web servers, as the vulnerable OpenSSL code can be found in mobile phones; email servers; security products like firewalls; the software that runs webcams, and even online games.
Meanwhile, Cisco Systems Inc. and Juniper Networks Inc., two of the largest manufacturers of network equipment used by corporations and small businesses, confirmed Thursday that some of their products contain the Heartbleed bug.
For now, companies and government agencies continue to scramble to determine which products are vulnerable. Though experts advise you to avoid using any device with the vulnerable software in it, they offer a bit of reassurance: It would take a lot of effort for a hacker to extract any useful data off of your iPhone. Which is, um, reassuring...