In the days since the Heartbleed Bug, a vulnerability in OpenSSL's heartbeat function, was exposed, we have begun to see signs of the Internet bleeding out. Bruce Schneier ranks this issue an 11 on a scale of 1 to 10.
Read the original Heartbleed post at heartbleed.com and then read this great explanation of how the bug works at IOActive’s blog.
Daniel Ingevaldson, CTO, Easy Solutions, and former X-Force analyst, has noticed large lists of 10,000+ domains being posted. These lists categorize domains as having SSL implemented or not and whether they exhibit the Heartbleed Bug.
The next phase of this crisis will show when leaked credentials begin to be posted. After that will come the fire drill, as end users get sprayed with alerts to change their usernames/passwords for compromised sites.
This is a turning point for the Internet that is worth marking. Changes are going to be far-reaching. Websites of critical services should take advantage of the crisis to implement two-factor authentication. Small banks in particular should stop dragging their feet.