Heartbleed's Network Effect

It's been one week since the massive Heartbleed flaw was disclosed publicly and websites began frantically patching, but the potential danger of the bug being used to hack into businesses' internal networks and steal their data could last for years to come.

The attention initially focused on patching public-facing websites and protecting user credentials from Heartbleed, as well as sites' digital certificates. But the long-term ramifications of the Heartbleed encryption flaw in the widely deployed open-source OpenSSL library are slowly coming into focus: how cyberspies and sophisticated cybercrime gangs can or already have used the bug to infiltrate an organization's intranet servers, network devices, client machines, and VPN servers in order to steal valuable data.

"The immediate focus should have been on the perimeter and external websites. But the long-term devastation and real cost is from the internal [network] perspective," says Rob Seger, distinguished engineer at Palo Alto Networks. "Being able to steal all the data carte blanche is, in my opinion, a more lasting and negative" outcome of Heartbleed.

Click here to read the full story on Dark Reading.