If they’ve been watching the news or tried to file their taxes electronically this week, business professionals have probably run smack-dab into the explosive discovery of a major flaw in OpenSSL, called Heartbleed.
Network admins or other members of the IT department will no doubt be asked plenty of questions over the next few months about their organization, the vulnerability of any online services they provide and even internal risks. Even the most experienced tech pros won’t have all the answers. Major vendors are still checking to what extent their products are affected and will be issuing patches accordingly.
To help offer some clear guidance without spending endless hours in the boardroom, expertIP has assembled the following helpful links from around the Web which can be distributed to users or used as the basis for communicating information about Heartbleed.
Best explainer: The Globe and Mail has an FAQ list that goes into great detail about what Heartbleed is and the current state of the problem.
Best primary source: Codenomicon, which discovered Heartbleed, has set up a site with more in-depth background about the security issues.
Best master list: Mashable is keeping a good running tally of what’s been affected by Heartbleed so far.
Best self-service tool: The Heartbleed test is a good way to give users a free resource to double-check suspicious sites.
Best thought-provoker: The MIT Technology Review gives the most nuanced analysis of why OpenSSL was prone to risk, and how organizations might address it in the future.