As you'd expect, the security world is in a bit of a tizzy over this. As they should be. They're security gurus, after all.
Should you be in a tizzy? Well, that depends. If you're also a security guru, then you don't need to listen to me on this. If you're not, here are some things you should know:
- There's probably not much you can do about this. Your ISP (and all the other ISPs) will have their security guru run out the patch, post haste.
- There's basically no information available on this - it will be unveiled at the Black Hat briefings next month in Las Vegas. Therefore, it's kind of hard to gauge just what the heck is going on, except a lot of smart security guys are paying attention (see links above, or on the blog roll).
- The press is almost certain to get this wrong, and hype it as much as they think they can. None of them will have the slightest idea what they're talking about.
Are we all gonna DIIEEEE? Don't think so.
Security is a pretty funny business. We're not getting any better at it, but we're not all getting fired, either. Yay, us!