You can’t have failed to notice the media storm in the IT and security press around the recent vulnerability in the bedrock of the internet – SSL. The service designed to be protecting our data when sent over the big bad public wire has been wide open since early 2012 within many OpenSSL deployments (unpatched OpenSSL 1.01 or 1.02beta).
There has been a lot of talk both at Nettitude and all over the world over the last 24-hours regarding the Heartbleed bug. This is possibly the biggest kink in the armor of SSL ever found, due to the fact that it affects such a large portion of hosts on the internet1.
Some interesting and rather alarming findings from a recent survey around Security Awareness Training (SAT): source 1,000 people surveyed by One Poll for PhishMe.