Heartbleed: Most of Internet struck by security failure

Serious security flaw affected most servers, giving hackers access to personal information for years

Published April 9, 2014 3:04PM (EDT)

So named by researchers who discovered the bug plaguing critical online infrastructure, Heartbleed is a security flaw that has struck the very vital organs of the Internet. Experts believe the security flaw, which was only recently found but has been around for two years, affects nearly every online server and up to 60 percent of the Internet.

To understand the nature of the flaw is to understand its gravity:

Heartbleed affects OpenSSL, a widely used implementation of the SSL (Secure Sockets Layer) security protocol. When you log into a website, your login credentials are sent to that website's server. In most cases those credentials are encrypted using SSL (OpenSSL is among the most widely used encryption tools). Heartbleed has for two years enabled hackers to get anything a user sends to an affected site's server, including emails, instant messages, passwords and documents.

Not only has Heartbleed infected the Internet for years, there's little we can do about it -- our online lives are structured as they are by SSL. As HuffPo reported:

So what can users do? Matthew Prince, CEO of content delivery network Cloudflare, one of the first businesses to be notified of the bug, told The Huffington Post that sadly, there's not much normal netizens can do to protect themselves. "When you finish using a website, make sure to actively log out," Prince advised -- that makes it less likely that a hacker exploiting Heartbleed will be able to take your personal information.

Prince also put in a word of comfort: "Heartbleed is so serious -- it's such a big, bad event -- that almost every major service is scrambling to clean it up as quickly as possible." He estimated that most currently vulnerable websites will be "patched" by the end of the week.


By Natasha Lennard

Natasha Lennard is an assistant news editor at Salon, covering non-electoral politics, general news and rabble-rousing. Follow her on Twitter @natashalennard, email nlennard@salon.com.
