Developers Rush to Handle Heartbleed
On Tuesday, news broke of a major security flaw in OpenSSL, the technology that much of the Internet uses to encrypt data transfers. OpenSSL released a patch for the vulnerability, dubbed "Heartbleed" right away, and open source developers scrambled to create patches for Linux distributions and other applications that rely on OpenSSL. ZDNet reports that most major Linux distributions have released updates that fix the security vulnerability. Now it's up to website owners to apply the fixes to their own servers.
Security researcher Matthew Green notes that the problem was "the result of a relatively mundane coding error," namely, a missing bounds check. "This is just more evidence that even talented and dedicated programmers and developers can make mistakes," said Charles King, principal analyst at Pund-IT. "The scariest thing about it is that site owners may have been attacked or robbed and wouldn't know a thing."