The Verge: Monday afternoon, the IT world got a very nasty wakeup call, an emergency security advisory from the OpenSSL project warning about an open bug called “Heartbleed.” The bug could be used to pull a chunk of working memory from any server running their current software. There was an emergency patch, but until it was installed, tens of millions of servers were exposed. Anyone running a server was suddenly in crisis mode.
If the “Heartbleed” name sounds dramatic, this bug seems to live up to the hype. It’s already far worse than the GoToFail bug that embarrassed Apple earlier this year, both by the scale of computers affected and the depth of the breach. The new bug would let attackers pull the private keys to the server, letting attackers listen in on data traffic and potentially masquerade as the server. Even worse, it’s old: the bug dates back two years, and it’s still unclear how long anyone’s known about it.