The exposure of OpenSSL's Heartbleed vulnerability in early April signaled a shift in perceptions of Internet security and stability. It prompts a different and more troubling conversation than other recent high-profile breaches, such as Target's. To understand why the Heartbleed bug was worth the headlines it generated, it's important to appreciate what's at stake when OpenSSL is compromised. OpenSSL is an open source toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, together with a cryptography library, to secure exchanges of information on the Web. An implementation flaw made Web sites running OpenSSL versions 1.0.1 through 1.0.1f vulnerable to attacks by malicious actors, who could extract chunks of private memory. Affected Web sites could fix the bug by updating to OpenSSL version 1.0.1g, which was released on April 7, or by recompiling OpenSSL without the heartbeat function. Unfortunately, doing so doesn't guarantee that a Web site is no longer vulnerable.