April 22, 2014

Critical security flaw hits the Internet

Adam Mancini
Sports Editor

Somewhere in Europe, four programmers help maintain one of the Internet’s most critical security features. Only one of them considers it to be a full-time job, while the other three work different jobs during the day and work on the software in their spare time. Combined, they earn less than $1 million a year for their work in keeping the entire Internet running. They are the creators and caretakers of OpenSSL, which is used for security on popular web servers such as Yahoo and Tumblr. The software encrypts the information exchanged with visitors so that passwords and usernames cannot be seen by others while they travel from your computer to the website. It is used by nearly two-thirds of currently active websites.

But there is a huge problem with OpenSSL. For nearly two years, it contained an undiscovered critical security flaw, now known as Heartbleed, which could have allowed hackers to obtain user data and monitor past and future website traffic, even if it was encrypted. Due to underfunding, the programmers at OpenSSL did not have the manpower to uncover the bug, so it took two years until it was finally discovered by researchers at Google. If exploited, your e-mails, passwords, and even instant messages could have been obtained by people with malicious intentions. Luckily, nearly all online shopping and banking sites do not use OpenSSL, meaning they were not vulnerable to Heartbleed. However, it is unclear whether or not hackers actually knew about Heartbleed. Nobody has been able to confirm that they knew about the flaw, but that does not change the fact that users should be taking measures to ensure that their information is not stolen.


The problem has been patched over the last week and a new version of OpenSSL has been released, annihilating Heartbleed. But hackers may still have your passwords, so it is best to change them for the services that have been identified as vulnerable, such as Google and Imgur. The initial panic caused by the flaw has subsided, and the Internet is free to return to normal functioning.