This is the first time I have had to go through an emergency update process of that scale – or rather, my team went through it; I do not want to claim any success here for myself. I was basically just an observer.
However, there were a few interesting things I learned during the last few days:
For us, the event started as an emergency patch event. A critical vulnerability had surfaced and we needed to react. When we started to work in our CSIRT, it was immediately clear that we needed to get the ball rolling fast – the assessment of the criticality was straightforward. We initiated the emergency patch process and started to work. So far, it was kind of "business as usual". Then the mass media started to talk about the vulnerability, and this turned the situation around – not technically, we were still working on patching and re-issuing the certificates, but from a communication standpoint. It became more of an incident response situation than "just" patching, and we were not short of management attention (which was basically a good thing).
The interesting part to me during that time was that I completely underestimated the need for information that the people around us had – definitely one of the lessons we can draw. We did not see any active exploitation, but the public interest was so big that management was drawn in immediately.
The other one was that everything that happened got blown up immediately and linked to the NSA. Look at articles like this one: NSA Kept You Unsecure – It Knew of Heartbleed Bug But Used it to Steal Your Online Info
It just shows that, whatever happens, the NSA has cards in the game – at least in a lot of people's minds (personally I cannot judge).
Also interesting to me was how many servers were really affected. This article might give you a sense: . So technically the problem was really, really bad, but I guess most public media overreacted, or at least blew the problem up to a bigger size than needed.
Last but not least, if you want to understand how the bug works in a way that your child can understand it, there you go:
So, the root cause was nothing but a simple programming error – not checking untrusted input: the server trusted the length field the peer put in the heartbeat message and copied that many bytes back, regardless of how much data had actually arrived…
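To make that last point concrete, here is an added example (my own constructed model, not OpenSSL's code) of the RFC 6520 heartbeat message and two handlers for it: one that trusts the peer-supplied payload length, as the vulnerable code did, and one with the bounds check the OpenSSL patch added. The "heap", the record, and the secret placed behind it are all constructed inside one array so the over-read is observable without undefined behaviour; the names (`arena`, `build_record`, `kSecret`, and so on) are mine.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Heartbeat message (RFC 6520): type(1) | payload_length(2, big-endian) | payload | padding(>=16). */
#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_PADDING   16
#define HB_MAX_RESP  (1 + 2 + 65535 + HB_PADDING)
#define ARENA_SIZE   4096

/* Constructed "heap": the received record sits at the start, other in-memory data follows it. */
static unsigned char arena[ARENA_SIZE];

/* Write a record whose length field CLAIMS claimed_len payload bytes but carries only actual_len.
 * Returns the number of bytes actually on the wire. */
static size_t build_record(unsigned char *out, uint16_t claimed_len,
                           const unsigned char *payload, size_t actual_len)
{
    out[0] = HB_REQUEST;
    out[1] = (unsigned char)(claimed_len >> 8);
    out[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(out + 3, payload, actual_len);
    memset(out + 3 + actual_len, 0, HB_PADDING);
    return 3 + actual_len + HB_PADDING;
}

/* Vulnerable handler: echoes payload_len bytes without asking whether the record is that long.
 * resp must hold HB_MAX_RESP bytes. Returns the response length. */
static size_t handle_heartbeat_vulnerable(const unsigned char *rec, size_t rec_len, unsigned char *resp)
{
    (void)rec_len;  /* the bug: the real record length is never consulted */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload_len);          /* reads past the end of the record */
    memset(resp + 3 + payload_len, 0, HB_PADDING);
    return 3 + payload_len + HB_PADDING;
}

/* Fixed handler: header + claimed payload + minimum padding must fit in what was received.
 * Returns the response length, or 0 to silently discard the message. */
static size_t handle_heartbeat_fixed(const unsigned char *rec, size_t rec_len, unsigned char *resp)
{
    if (rec_len < 1 + 2 + HB_PADDING)
        return 0;                                    /* too short to even hold a length field */
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)1 + 2 + payload_len + HB_PADDING > rec_len)
        return 0;                                    /* the length field lies: drop it */
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + 3, rec + 3, payload_len);
    memset(resp + 3 + payload_len, 0, HB_PADDING);
    return 3 + payload_len + HB_PADDING;
}

/* Does needle occur anywhere in hay[0..hay_len)? */
static int contains(const unsigned char *hay, size_t hay_len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0)
            return 1;
    return 0;
}

/* Constructed scenario: a 5-byte payload claiming 64 bytes, with a secret sitting right behind it. */
static const unsigned char kPayload[] = "hello";
static const char kSecret[] = "SECRET_KEY";

static size_t stage_attack(void)
{
    memset(arena, 0, sizeof arena);
    size_t rec_len = build_record(arena, 64, kPayload, 5);   /* 24 bytes on the wire */
    memcpy(arena + rec_len, kSecret, sizeof kSecret);        /* "heap" data after the record */
    return rec_len;
}

/* 1 if the vulnerable handler's reply carries the secret, else 0. */
int vulnerable_leaks_secret(void)
{
    static unsigned char resp[HB_MAX_RESP];
    size_t rec_len = stage_attack();
    size_t n = handle_heartbeat_vulnerable(arena, rec_len, resp);
    return contains(resp, n, kSecret);
}

/* Fixed handler's response length for the lying record (0 = discarded). */
size_t fixed_response_length(void)
{
    static unsigned char resp[HB_MAX_RESP];
    size_t rec_len = stage_attack();
    return handle_heartbeat_fixed(arena, rec_len, resp);
}

/* Fixed handler's response length for an honest 5-byte record. */
size_t honest_response_length(void)
{
    static unsigned char resp[HB_MAX_RESP];
    memset(arena, 0, sizeof arena);
    size_t rec_len = build_record(arena, 5, kPayload, 5);
    return handle_heartbeat_fixed(arena, rec_len, resp);
}

int main(void)
{
    printf("vulnerable handler leaked secret: %s\n", vulnerable_leaks_secret() ? "yes" : "no");
    printf("fixed handler, lying record: %zu bytes\n", fixed_response_length());
    printf("fixed handler, honest record: %zu bytes\n", honest_response_length());
    return 0;
}
```

The whole difference between the two handlers is one comparison of the claimed length against the record length actually received; everything else is identical. That is also why the fix was so small and why the damage was so large: every byte up to 64 KiB beyond the record, which on a real server could include private key material, came back to the peer.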
- Heartbleed Bug opens internet for hackers (stuff.co.nz)
- Heartbleed Remediation: Replace ALL Keys and Certificates (venafi.com)
- Articles & Publications – RT: NSA exploit heartbleed bug (forum.no2id.net)