This roundup post includes three posts discussing the impact of the Heartbleed bug and how Heartbleed will go on, even after the products it impacts are updated.

Heartbleed Will Go On Even After The Updates

The fallout from the Heartbleed bug likely will be felt for a long time, but the immediate and urgent questions top of mind are which sites and products are affected, and which have been fixed. Then what? The scary reality is that even after a site or product is patched and users have changed their passwords, Heartbleed will not be over.

It is impossible to discern whether nation-states or well-funded cyber-criminals had already known and exploited the flaw for the past two years it’s been in circulation in OpenSSL. This bug has also a long tail that spreads to internal networks, applications, and some mobile devices. Digital certificates have been exposed, and what was once a reliable and secure connection, SSL, has been compromised.

Heartbleed: Examining The Impact

This was not a breach like the ones we’ve grown accustomed to hearing about in recent months, such as Target, Drupal, or the California DMV, wherein customers’ personal data or login credentials were leaked. Instead, this breach strikes at the heart of encrypted transfers to the servers we all use in our day-to-day lives.

More Than A Half-Million Servers Exposed To Heartbleed Flaw

Heartbleed may be one of the biggest Internet security events since security expert Dan Kaminsky found and helped coordinate a fix for the massive Domain Name Service (DNS) caching vulnerability in 2008. Bruce Schneier gives Heartbleed an 11 rating on an ascending scale of 1 to 10, and security companies and experts are issuing warnings of the severity of the bug. The flaw, a two-year old implementation bug in the open-source OpenSSL, has been fixed with the new OpenSSL 1.0.1g, but experts say to assume it’s already been abused by nation-states or cyber criminals given the two years it wasn’t publicly known.