Here's the latest on Heartbleed: The critical Internet vulnerability doesn't just affect Web services, but also extends to routers and networking hardware. Yes, that means that a hacker who gains access to a vulnerable router might be able to grab information from said router and use it against you — that is, unless your equipment is too old to be affected by the bug.
For anyone who's watched Battlestar Galactica, this might sound familiar. In the opening hours of the Second Cylon War, the Galactica was among the humans' few surviving warships after a crippling surprise attack by invading robots. Many of the fleet's other battlestars were caught in a Pearl Harbor-like situation: disabled in spacedock, then mercilessly destroyed.
The ships were crippled by a devastating electronic attack that took advantage of a flaw in the Command Navigation Program, the operating system on which the fleet relied. The fleet's networked computers allowed the hack to spread, shutting down systems everywhere. With their vessels offline, the Colonial fleet proved helpless against the onslaught. Their over-dependence on technology led to their defeat. But Galactica, being a much older battlestar, escaped. The CNP was never installed on its computers, nor were its computers ever networked. Galactica's second-generation fighter craft were similarly behind the times — but in a head-to-head fight with the Cylons, this proved to be an advantage. Electronic warfare techniques didn't work against them.
"Galactica is a reminder of a time when we were so frightened by our enemies that we literally looked backward for protection," one character says in the pilot episode.
Keeping Heartbleed at bay, at least from a hardware perspective, might turn on a similar idea. So long as you've got home networking equipment that's more than a couple years old — meaning you bought it before manufacturers loaded the Heartbleed bug into newer equipment by accident — chances are that you're protected from electronic exploitation.
"A lot of the software running on these devices is older than two years old," said Matthew Prince, chief executive of the Web infrastructure firm Cloudflare, "so, strangely, it won't be vulnerable. The irony of this bug is that the people that were safest from it were the ones that ignored the traditional security wisdom, which is … 'always update your software to the latest version.' "
As an extra measure, Prince suggests that if you can access your router's settings through a Web browser and can turn that ability off, do so.