Everyone is still reeling from the far-reaching effects of Heartbleed, the OpenSSL bug that has seemed to unify the internet. Millions and millions of websites and services are affected, including ones you use regularly.
OpenSSL is a library that allows services such as the Apache web server to make use of SSL technology. The bug is not in the technology itself but in the implementation. Owing to this bug, which was discovered on the 7th of April 2014, an attacker could simply bypass any idea of security and easily steal private keys, certificates and other sensitive information even though they have been protected by SSL technology.
I myself woke up to the news on that Tuesday and we have upgraded all our services to plug this bug. The impact this is having on the internet community is simply staggering. What is more worrying, it has been going this way for almost four years and nobody noticed. Well, at least we hope that nobody noticed, because the thought of it is incomprehensible.
In the past 72 hours, I have received countless emails from service providers and other websites and it is plastered across the front page of every tech article out there.
Where do we go from here?
We shouldn't all just decide it is time to jump ship and find a new standard for encryption. Anything that big is bound to have errors. Also, the bug only affected an implementation of the SSL standard and not the actual service. If it did, this blog post would be going a very different way.
However, there are lessons to be learnt here about how we use software and about who should be responsible for finding issues in open-source software. We thank the guys at Codenomicon for this life-saving find.
Want to learn more about Heartbleed? Visit the official bug page.
The issue has already been mitigated via an update, and everyone who uses OpenSSL is strongly advised to update their version. Do you have any stories or have you been sent an email about this? We would like to know. Send us an email at