We lead with links to three informative Heartbleed overviews: what it is, how it was discovered, and what its larger implications are.
Among those implications is, now, exploitation in the wild. Canada's tax service suspended web operations and extended filing deadlines after hackers extracted taxpayer information through Heartbleed holes. The bug is also blamed for a data breach at British parenting site Mumsnet. Other victims are widely expected to turn up at any time, and the problem isn't confined to servers: Android devices, for example, are also vulnerable, as are at least forty-eight cloud apps. Analysts discern Heartbleed exposure in virtual private networks and (attention Tor users) the Deep Web.
A thoughtful article in CIO reflects on Heartbleed and raises an important issue: "If our checks and balances are so fragile that a typo can obliterate all meaningful security, we have some fundamental things to fix."
The SANS Internet Storm Center sounds a rare optimistic Heartbleed note: IT teams are aware of the vulnerability and are taking appropriate action. Patches and mitigations continue to roll out (but Akamai has to recall theirs). VMware alone plans twenty-seven patches this week.
Cyber threat information sharing advances on at least three fronts: agriculture (with collaboration planned among the AFBF, Monsanto, DuPont, and John Deere), retail, and the electrical grid.
Anonymity tools Tails and DuckDuckGo receive consumers' attention.
The first phase of the TrueCrypt audit is encouraging: no major issues found.
US policymakers deny exploiting Heartbleed. US DNI Clapper calls for inter-security-agency transparency.