Were you a thriller writer seeking a name for an apocalyptic software security flaw that threatened the future of civilization as we know it, then "Heartbleed" would be hard to beat. Last week saw the public disclosure of such a flaw, and Heartbleed was the name assigned to it.
Most security flaws are of interest only to specialists, but this one was different. Why? Because it had been around for roughly two years (the faulty code shipped in OpenSSL 1.0.1 in March 2012), during which time it could have exposed the passwords and credit card numbers that countless millions of people had provided to online stores and other services. Heartbleed would enable attackers to eavesdrop on online communications, steal data directly from services and users, and, by extracting a server's private key, impersonate both services and users too. It could have affected up to two-thirds of the world's web servers, since the two most popular server programs, Apache and nginx, rely on the affected software. And unlike some earlier such problems, the solution isn't as simple as immediately changing one's password: until a site has installed the fix and replaced its certificate, a new password can be stolen just as easily as the old one. It was, said Bruce Schneier, a security expert not much given to hyperbole, a "catastrophic" flaw. "On the scale of one to 10," he wrote, "this is an 11."
Heartbleed is a flaw not in encryption itself but in OpenSSL, a widely used open-source program that implements the encryption protecting your personal data while it's in transit from your computer to an online service. When you buy something and proceed to the checkout on any reputable site, the URL you're dealing with will change from one prefixed by "http" to one prefixed by "https." This indicates that the Secure Sockets Layer (SSL) protocol, or its modern successor Transport Layer Security (TLS), has been invoked and that your personal data will now be transmitted only in encrypted form. The bug lay in OpenSSL's handling of a minor feature of that protocol, the "heartbeat" extension, which lets one side send a short message and ask the other to echo it back. OpenSSL trusted the sender's own statement of how long the message was, so a request that claimed to be far longer than it really was got back its few real bytes plus whatever happened to be sitting next to them in the server's memory, up to 64 kilobytes at a time.
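To make the mechanism concrete, here is an added illustration, written for this edit and not taken from the article or from OpenSSL, of a simplified heartbeat handler in the vulnerable form beside the fixed form. It models a heartbeat record as type (1 byte), declared payload length (2 bytes), payload, then 16 bytes of padding, and uses a constructed "heap" image in which a short request sits directly in front of unrelated secret data. The function names, the secret string and the buffer layout are assumptions made for the demonstration; the length check that the fixed handler adds mirrors the logic of the actual OpenSSL fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a TLS heartbeat record (RFC 6520):
 * type(1) | payload_length(2, big-endian) | payload | padding(16) */
#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_PADDING  16

typedef size_t (*hb_handler_t)(const uint8_t *rec, size_t rec_len,
                               uint8_t *out, size_t out_cap);

/* Vulnerable handler: trusts the payload_length field carried in the record
 * and copies that many bytes, even when the record itself is shorter. */
size_t heartbeat_vulnerable(const uint8_t *rec, size_t rec_len,
                            uint8_t *out, size_t out_cap) {
    if (rec_len < 3 || rec[0] != HB_REQUEST) return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    size_t need = 1 + 2 + payload + HB_PADDING;
    if (need > out_cap) return 0;          /* only the output buffer is checked */
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    /* Bug: reads payload bytes from rec+3 regardless of rec_len, so memory
     * beyond the real record is echoed back to the sender. */
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return need;
}

/* Fixed handler: a record whose declared payload does not fit inside the
 * record that actually arrived is silently discarded. */
size_t heartbeat_fixed(const uint8_t *rec, size_t rec_len,
                       uint8_t *out, size_t out_cap) {
    if (rec_len < 1 + 2 + HB_PADDING || rec[0] != HB_REQUEST) return 0;
    size_t payload = ((size_t)rec[1] << 8) | rec[2];
    if (1 + 2 + payload + HB_PADDING > rec_len) return 0;   /* the added bounds check */
    size_t need = 1 + 2 + payload + HB_PADDING;
    if (need > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, payload);
    memset(out + 3 + payload, 0, HB_PADDING);
    return need;
}

static int contains(const uint8_t *hay, size_t hay_len, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0) return 1;
    return 0;
}

/* Constructed scenario: a request carrying 5 real payload bytes but claiming
 * 100, placed in a buffer directly in front of secret data (standing in for
 * whatever the server happened to have on its heap). Returns 1 if the
 * handler's response contains the secret. */
int leaks_secret(hb_handler_t handler) {
    static const char secret[] = "password=hunter2";   /* constructed sample */
    uint8_t heap[256];
    memset(heap, 0, sizeof heap);
    size_t rec_len = 0;
    heap[rec_len++] = HB_REQUEST;
    heap[rec_len++] = 0;      /* declared length 100, big-endian */
    heap[rec_len++] = 100;
    memcpy(heap + rec_len, "hello", 5);
    rec_len += 5;
    rec_len += HB_PADDING;    /* zero padding already present */
    memcpy(heap + rec_len, secret, sizeof secret);   /* adjacent memory */

    uint8_t resp[256];
    size_t n = handler(heap, rec_len, resp, sizeof resp);
    return n > 0 && contains(resp, n, secret);
}

/* Sanity check: an honestly sized 5-byte request is still echoed back. */
int echoes_honest_request(hb_handler_t handler) {
    uint8_t rec[3 + 5 + HB_PADDING] = { HB_REQUEST, 0, 5, 'h', 'e', 'l', 'l', 'o' };
    uint8_t resp[64];
    size_t n = handler(rec, sizeof rec, resp, sizeof resp);
    return n == sizeof rec && resp[0] == HB_RESPONSE && memcmp(resp + 3, "hello", 5) == 0;
}

int main(void) {
    printf("vulnerable leaks secret: %d\n", leaks_secret(heartbeat_vulnerable));
    printf("fixed leaks secret:      %d\n", leaks_secret(heartbeat_fixed));
    printf("fixed echoes honest:     %d\n", echoes_honest_request(heartbeat_fixed));
    return 0;
}
```

The demo keeps the over-read inside one buffer it owns, so it runs without undefined behaviour; on a real server the bytes past the record were whatever neighbouring heap allocations held, which is why private keys and session cookies turned up in responses.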