The Washington Post reported today that the Heartbleed bug may cause major disruptions to the Internet over the next several weeks.
Short story: the bug has existed for about two years, leaving servers and web sites open to a gap in OpenSSL, a technology meant to offer high encryption of sensitive data. The bug may have affected as much as 2/3 of the Internet.
Advice about Heartbleed
Over the past week or so, the only advice to Web users has been to change passwords on many social media systems.
To read more about why Heartbleed is such a big deal. And also hear from the man who gave us Heartbleed by accident.
“I was working on improving OpenSSL and submitted numerous bug fixes and added new features…In one of the new features, unfortunately, I missed validating a variable containing a length.”
After he submitted the code, a reviewer “apparently also didn’t notice the missing validation,” Seggelmann said, “so the error made its way from the development branch into the released version.”
Dr Seggelmann said the error he introduced was “quite trivial,” but acknowledged that its impact was “severe.”
So, whether you know anything at all about code or OpenSSL, please change your passwords as directed above.