Heartbleed Bug: Vendor Compensating Controls
A critical vulnerability in OpenSSL (CVE-2014-0160) known as the Heartbleed Bug was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows arbitrary memory readout, compromising the integrity of the secure channel, potentially exposing personal information such as passwords, credit card information and emails.
Yesterday, we published a white paper on the Heartbleed Bug, its implications and recommendations for remediation. Today, we published a supplemental paper on compensating controls released by specific vendors to detect and block attempts at exploiting this vulnerability. This additional paper includes specific instructions on how to install and monitor the controls. We will continue to update this paper as new vendor threat prevention databases are released, so please check back regularly.