Skip to content
Subscriber Only

Why Heartbleed, the Latest Cybersecurity Scare, Matters

Why Heartbleed, the Latest Cybersecurity Scare, Matters
Photograph by Getty Images

Another day, another terrifying computer security vulnerability. A hole in a widely used encryption technology has given hackers a way to infiltrate many of the world’s largest websites and download sensitive information from servers without leaving a trace. The problem, dubbed Heartbleed, has existed for two years but was recently discovered by researchers at Google, setting off a scramble to fix it. Trying to track new security vulnerabilities can be dizzying, but here’s why this one is worth paying attention to:

It affects services you use. The problem is a shortcoming of OpenSSL, which is supposed to protect, by some estimates, more than 90 percent of online communications. Because so many places might be vulnerable, it will be difficult to find everything that needs fixing, says Vincent Berk, chief executive of security firm FlowTraq. “We’re not just talking about Web servers here,” he wrote in an e-mail. “There are other Web-enabled applications and services not typically accessed in a Web browser that use Open SSL, like Web-based accounting services, databases or other internal systems. Businesses may not have updated all of their servers and services—they may have missed patches or forgotten to update internal services, which will put them at risk.”