Earlier today the DHS ICS-CERT published an update to their HeartBleed (okay OpenSSL Vulnerability) Alert that was issued and updated earlier this week. They have also provided a link to an FBI “Private Industry Notification” that provides Snort signatures for detecting exploits of the HeartBleed vulnerability.
The updated alert (Version ‘B’) points at the FBI Snort document. It also provides a link to the free ‘Snort Community Rules’ that were updated today (presumably with HeartBleed signatures).
The alert also reports that there are ‘additional indicators of compromise’ available on the Control Systems compartment of the US-CERT secure portal. You might want to check those out.
While I don’t have access to the Secure Portal, I certainly would recommend anyone running an industrial control system consider requesting access. There are too many times that the really good information (I hope it is really good) is kept under limited distribution for legitimate reasons.
“ICS-CERT encourages U.S. asset owners and operators to join the Control Systems compartment of the US-CERT secure portal. Send your name, e-mail address, and company affiliation to email@example.com.”