Rresearch firm Secunia has suggested removing the Heartbleed bug from vulnerable computers and gadgets is likely to take months to complete.
Gerry Lawrence, Operations Director, Adapt has some strong advice for businesses looking to beat Heartbleed and keep protected during this time. He believes businesses are being given mixed messages about the best ways to sercure their infastructure and is looking to add some clarity to the mix. "With an estimated 400 enterprise cloud apps vulnerable to Heartbleed, many organisations have been left in limbo. The Heartbleed bug is hard to detect and there is mixed messaging about what businesses should do to secure their infrastructure and data.The first step to take is to assess the risks surrounding your business. Internet-facing applications are typically the most at risk. If an organisation suspects it is at all vulnerable, it should work quickly to patch or disable affected services. Then regenerate the private key and obtain a new SSL certificate. Once that is installed, revoke the old SSL certificate. To mitigate risk and keep operations running smoothly, it is advised to work closely with a service provider or the Operating System vendor during this process. Also, businesses should be discussing next steps with their service providers to ensure their data is protected and that all services remain secure. If the site has been vulnerable, then it is practical to advise end users to change their passwords once the site has been patched and it has the new certificate installed."