The Heartbleed Hack: Winners and Losers

Recent news coming out about the Heartbleed bug suggests rushing to fix the vulnerability may actually compound the problem. Those responsible for websites, including the high tech security platforms, don’t know what they don’t know!

As a consumer, and as a potential investor in some of these companies, here’s what you need to know …

Heartbleed had a 2-Year Head Start

The Heartbleed bug was unknown for two years before researchers discovered it two weeks ago. Companies (and if they can be believed, the government) had no idea whether or how they might have been attacked.

This could

Revolutionize your Gold trading …

The gold market has been running on empty for over a year now.

But in James DiGeorgia’s brand-new investor report, "The Secret Gold Account," you can learn all about:

  • The 18-digit code that unlocks a "secret gold account" that’s hidden in most broker platforms …
  • Collecting "underground dividends" from the world’s largest gold and silver miners …
  • The "gold accelerator" method that could boost your returns on gold and silver stocks up to 4-times higher. …

And how to put it all together to create The Ultimate Gold and Energy Portfolio that historically has crushed all of the major market indices … and posted a remarkable 96.5% win rate.

Don’t wait. Just turn up your speakers and click this link here

Internal Sponsorship

While major financial, retailing and other data-sensitive organizations have or are fixing their sites, major security breaches are already being traced directly to the Heartbleed bug.

The Canada Revenue Agency ceased online operations after their analysis indicated that, over a six-hour period, approximately 900 taxpayers were victims of someone exploiting the Heartbleed vulnerability.

It gets worse. The Heartbleed vulnerability affects hardware as well as software. Equipment needs to be patched or replaced before it can be "safe."

Reuters reports that pieces of vulnerable "Open SSL" code exist in ordinary PCs, e-mail servers, mobile phones and even security products such as firewalls.

Product developers are rushing to find and fix their vulnerabilities. They are anxious because researchers have observed sophisticated hacking groups conducting scans of the Internet this week in search of vulnerable servers.

New evidence supports the assessment that hackers can use Heartbleed to create fake websites that trick consumers into handing over valuable personal information.

The Winners

And so, it’s no surprise that the disastrous Target (TGT) experience a few months ago personalized cybersecurity for millions of Americans.

Barclay’s recent (April) survey of 100 top Chief Information Officers outlined that IT spending will accelerate in the second half 2014. In particular, one of the sectors of rising importance is security.

But which providers are likely to "secure" this new business? You may be surprised.

Unlike many "legacy" security providers, several "independent" security companies claim to have better mousetraps.

The Heartbleed bug is a new vulnerability. My sense is that the major damage has yet to reveal itself and that Heartbleed may turn out to be a particular nasty "wackamole."

Over the past month, cybersecurity stocks have been as a group were knocked down. Declines ranged from -1% for Checkpoint Software (CHKP) to -56% for Imperva (IMPV).

Except for Imperva, which significantly missed earnings ($31 million vs. $36 million), the group’s performance reflected the disfavor that tech stocks have displayed in the past month.

Two stocks of this group particularly merit some attention: Palo Alto Networks (PANW) and Checkpoint Software.

As the performance chart outlines, Palo Alto’s recent decline appears particularly recent and tied to the tech sector weakness in recent weeks.

Prior to mid-March, the company had strong and uninterrupted growth since November 2013. It has bounced up off the recent bottom over the past week.

Checkpoint Software weathered the past month much better than its tech and security peers.

Its consistent upward march extends back even further than Palo Alto to March 2013.

It also has potential to snap back from this level.

The Losers

There will be many more losers because of the Heartbleed bug. Some 500,000 "trusted" certificate websites could wind up with fake, cloned websites.

The vulnerabilities in the networking and communications gear made by Cisco (CSCO) and Juniper (JNPR) means that someone using Heartbleed could access the memory banks of users’ IP phones, computers, WebEx sessions and mobile devices.

Cisco’s list of products vulnerable to the Heartbleed exploit stands at 80 as of April 14.

Juniper officials say nine products are impacted by the Heartbleed bug, including some versions of its virtual private network products, its Junos Operating System and its Junos Pulse security software.

Both companies are still evaluating risks and issuing a constant stream of patches to fix the problem.

While some companies have the resources to implement fixes and apply a needed patch (assuming it is provided), many smaller operations and individuals with an at-risk product may not implement the change or be forced to replace a product such as a $100 "router" to be sure that it is safe.

They are outrunning NetGear (NTGR). Although NetGear has products impacted by the bug, as of April 14, a Google search indicates that the company had not issued any update at all on the Heartbleed bug for its customers.

NetGear shares have been immune to date from downward pressure on their valuation, but they are playing with fire and risk completely losing their user’s trust.

How to Protect your Web Surfing

Very important: Experts say do NOT change your password on any websites until you know they are safe from Heartbleed.

McAfee has created a Heartbleed checker tool that you can use to determine if a site you want to visit may be infected. Here’s the link:

After that, all you can do is hope that the website is "real." Avoid any site that triggers a warning about their security certificate, and watch the news for any report of fake sites.

That’s my take on it.


P.S. A virtually hack-proof investment is gold … even when it’s stuck in a range like it has been throughout 2014. If you’re wondering how to invest in the gold markets over the next few years … then James DiGeorgia’s new training video could be exactly what you’re looking for. Click here to watch it now.