Last week was a fun week. We’ve not had a significant cyber event like Heartbleed – something that affects just about everybody on the Internet — since the Kaminsky DNS vulnerability of 2008. Everybody I know has been scrambling to understand what it means to their organisation, to their business and to their immediate family.
Yes, I said family. I am sure I am not the only one who has answered a question or two from his mother-in-law about how the Internet is melting down based on what she’s been reading in the press. While many reports have been very doom and gloom oriented, there are things you can do immediately to protect yourself. Here are 7 things I’m doing to protect myself, my business, and my family.
1. Don’t Panic
Yes, this is a serious issue – and a vulnerability that has been exploitable for over two years, ever since the affected OpenSSL code shipped. But the chances that hackers have successfully exploited you or your organisation are pretty small. Check your trap lines for sure, but bear in mind that a Heartbleed probe is handled inside the TLS layer and leaves nothing in OpenSSL’s or your application’s logs; a clean log is not proof you were untouched, and only packet captures from before you patched would show it. Then let’s get on with the business of cleaning up in aisle nine.
2. Identify & Patch Your Affected Systems
I know that this sounds obvious, but don’t assume you know everything. Run local scanners across your network to discover any OpenSSL instances that might have popped up without your knowledge. The affected releases are OpenSSL 1.0.1 through 1.0.1f and the 1.0.2 betas; 1.0.1g fixes the bug, and the older 0.9.8 and 1.0.0 branches never had the heartbeat code. Be careful reading version strings, though: several Linux distributions backported the fix without changing the reported version, so check your package manager’s changelog rather than trusting “1.0.1e” on its own. Both client and server applications utilising OpenSSL need to be updated, including anything that links OpenSSL statically, and every process using the library must be restarted (or the box rebooted) after the update, because a running process keeps the old, vulnerable copy mapped in memory.
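As an added example (not part of the original post), here is a small POSIX shell helper that classifies an `openssl version` line against the affected release list, plus a Linux-only helper that lists processes still holding a deleted (pre-update) libssl in memory. The version strings fed to it are constructed samples; the backport caveat above still applies, so treat a "vulnerable" result as a prompt to check the package changelog, not as a verdict.

```shell
#!/bin/sh
# Added example, not from the original post. Classifies an `openssl version`
# output line (e.g. "OpenSSL 1.0.1e 11 Feb 2013") as Heartbleed-affected or not.
# Affected: 1.0.1 through 1.0.1f and the 1.0.2-beta releases. 1.0.1g and later
# are fixed; 0.9.8 and 1.0.0 never contained the heartbeat code.
# Caveat: distro packages often backport the fix without bumping this string.
#
# Prints a verdict and returns 0 if the version is in the affected list,
# 1 otherwise (including unparseable input).
heartbleed_version_check() {
    # Word-split the line: $1 = "OpenSSL", $2 = version, rest = date.
    set -- $1
    ver=$2
    case "$ver" in
        1.0.1|1.0.1[a-f]*)  echo "vulnerable: $ver"; return 0 ;;
        1.0.2-beta*)        echo "vulnerable: $ver"; return 0 ;;
        0.9.*|1.0.0*)       echo "ok (no heartbeat code): $ver"; return 1 ;;
        1.0.1*|1.0.2*|1.1*|3.*)
                            echo "ok (fixed release): $ver"; return 1 ;;
        *)                  echo "unknown version string: '$ver'"; return 1 ;;
    esac
}

# Check the OpenSSL binary on this host, if there is one.
heartbleed_local_check() {
    if command -v openssl >/dev/null 2>&1; then
        heartbleed_version_check "$(openssl version)"
    else
        echo "no openssl binary on PATH"; return 1
    fi
}

# Linux only: after upgrading, any process that still maps the old library
# shows the file as deleted ("DEL") in lsof output. Those processes must be
# restarted; patching the package alone does not fix them.
processes_with_stale_libssl() {
    lsof -n 2>/dev/null | awk '$4 == "DEL" && $0 ~ /libssl|libcrypto/ {print $1, $2}' | sort -u
}
```

Run `heartbleed_local_check` on each host, then `processes_with_stale_libssl` after the package update. For the network sweep the post recommends, nmap's `ssl-heartbleed` NSE script tests the actual heartbeat behaviour of a listener rather than a version banner, which sidesteps the backport problem.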
3. Ping Your Cloud Application Providers
Salesforce is one cloud provider that already announced that its systems are unaffected by this vulnerability. But you are probably using a handful of other cloud providers for other tasks like HR, Payroll, ERP, etc. Make sure you know who they are and ensure they are cleaning up the same way that you are. As Brian Krebs noted, one useful resource is Filippo Valsorda’s site to check for vulnerable systems.
4. Get New Keys
Generate a brand-new private key, get a certificate issued for that key, install it, and then revoke the old certificate. Because of the way the vulnerability works, hackers who hit your servers with this Heartbleed weakness may have read your private key straight out of server memory. Patching closes the hole, but an attacker who already has the key can still impersonate your site or decrypt traffic that was not protected with forward secrecy. Simply having your CA reissue a certificate over the same key buys you nothing; the key itself must change. Do the revocation only after the new certificate is live, so you are never serving a revoked one.
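The rotation procedure above, as an added shell example (not code from the original post): mint a fresh RSA key and a CSR for it, then prove the key actually changed by comparing RSA moduli, and finally confirm the certificate the CA returns belongs to the new key. The directory, common name and 2048-bit key size are assumptions for illustration; the `openssl` CLI must be on PATH.

```shell
#!/bin/sh
# Added example, not from the original post. Key rotation helpers for the
# "get new keys" step. Paths and the CN are illustrative assumptions.

# Create a new 2048-bit RSA private key (mode 0600) and a CSR for it.
# Usage: rotate_key <dir> <common-name>
rotate_key() {
    dir=$1; cn=$2
    # Subshell so the restrictive umask does not leak into the caller's shell.
    ( umask 077 && openssl genrsa -out "$dir/new.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/new.key" -subj "/CN=$cn" -out "$dir/new.csr" 2>/dev/null
}

# Return 0 only if the two private keys have different RSA moduli, i.e. the
# "new" key is genuinely new and not the compromised one re-wrapped.
# Usage: keys_differ <old.key> <new.key>
keys_differ() {
    m1=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    m2=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$m1" ] && [ -n "$m2" ] && [ "$m1" != "$m2" ]
}

# Return 0 if the certificate's public key matches the private key, so you
# install the CA's certificate against the right key before revoking the old one.
# Usage: cert_matches_key <cert.pem> <key.pem>
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}
```

After the new certificate is deployed, check from the outside that it is the one being served (`openssl s_client -connect host:443 </dev/null | openssl x509 -noout -modulus` should equal the new key's modulus), then ask your CA to revoke the old certificate.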
5. Inform Your Customers
Your customers should already be asking you if you have been affected (see No. 3), but some will not and will just assume you’re working on it. As a matter of trust, you should be transparent about your cleanup efforts. Do not shy away from this. Since this vulnerability is widespread, you will not be alone in your efforts, and maybe you can help another organisation that is not thinking as clearly as you are about how to do this cleanup. Customers always remember who acted swiftly and professionally in times of crisis.
6. Change Your Passwords
Once you have patched your systems, changed your keys, and ensured that your cloud providers have done the same, then it is time to change the passwords for all users on those systems, and to invalidate existing session cookies and API tokens, since anything that passed through server memory could have been read. But wait on this until everything else is done: a hacker still sitting on an unpatched system, or on one whose keys have not been changed, can simply read your new password as it goes by. It does not make sense to change your password until the other tasks are completed.
7. Beware Of The Inevitable Phishing Campaigns
Soon you will start to see phishing email messages telling you that you must immediately change your password in order to protect yourself from the Heartbleed vulnerability. They will most likely have a link embedded in the message pointing you to a site that looks very much like your ERP, HR or payroll site, but in fact it will be a site cleverly designed to collect your credentials. Be wary of all communications; if you need to change a password, type the address yourself or use a bookmark rather than following a link in an email.