UPDATED 13:12 EDT / APRIL 24 2014

Heartbleed is a Walletbleed, too

How much has Heartbleed cost us? CloudFlare has posted a blog talking about the costs — laughably small in my view — of revoking and reissuing security certificates. This will be expensive, extrapolating into the tens, maybe hundreds of millions of dollars. That, however, is likely small change compared to corporate IT expense and the hit on worker productivity.

Not to mention the sudden, unplanned updates required in at least some cases. For example, a company I know learned a piece of open source software necessary for their business would not be updated by the developer to fix OpenSSL.

Why? The developer didn’t want to waste resources on Windows 2003 which Microsoft will soon no longer support. How soon? Well, I just tried to ask Google and got an SSL error! (Turns out it’s July 2015, as I see now that the error has cleared).

Faced with critical software not being updated to deal with the Heartbleed crisis, the company was forced to do an overnight upgrade to Windows Server 2012. Not the best way to spend an evening or unbudgeted software money. Good they knew how to do the install and set up the server, which is very different from Server 2003.

This is the same company that shut down a server after an admin watched his account being logged in from Europe, while he sat in his office on the West Coast. At least that server could be fixed.

Personally, I’ve spent a couple of unhappy hours every day this week dealing with passwords and accounts. I’ve spent about $70 on password management apps that will allow me to generate and manage a really complex individual password for every system I use. Family members get this treatment over the weekend.

I am doing this not because I wanted to send mSecure my money, but because I’ll never know how well or widely my previous passwords were compromised. I am finding accounts that I’d long ago forgotten and turning them off. Accounts I use are getting password changes.

All this new security is a good thing, but I’d lived pretty securely right up until Heartbleed went public. Just the overhead of dealing with password management is more painful than I really need. But what am I to do?

I’ve been looking for a dollar cost for Heartbleed and haven’t found one. The CloudFlare blog is a very partial study. My personal out-of-pocket will likely be $150 after all the software is bought. Plus 20 hours of my time, minimum.

Meanwhile, the Mounties have already busted a comp sci student for turning Heartbleed against the Canadian national tax agency. More arrests, if we are lucky, will certainly follow. But there are many, many places where hackers face little legal risk. Vlad Putin runs one such place. And seems intent on t

And there will, essentially forever, be unpatched servers and devices for the bad guys to compromise. If you’ve been using shared passwords, none of those accounts are secure even after they have the OpenSSL fix.

I am not trying to sound too paranoid or alarmist. But new passwords really are necessary and will be expensive and time-consuming to implement. I have no idea what this will cost or who will come up with the global total, but it’s got to add up.

How much has Heartbleed cost you or your company?

photo credit: Alexa Baehr via photopin cc
