special report

Everything You Need to Know About Superbug Heartbleed

A coding flaw in the encryption software that underlies much of the Internet was disclosed on April 7, triggering a scramble as Web administrators tried to fix the problem on sites including Yahoo, Facebook, Tumblr and OKCupid.

Although government websites -- including -- appear to have used software that was vulnerable to the Heartbleed bug, all major federal sites avoided exposure, according to the Homeland Security Department. The White House denied speculation that the National Security Agency knew of and exploited Heartbleed.

Although it’s not clear Heartbleed was exploited before it was disclosed to the public, the vulnerability could have allowed hackers to access passwords, chats and other information from websites across the Internet. They also may have accessed information that would enable them to impersonate affected sites that have already implemented the coding patch.  

See our ongoing coverage of the vulnerability below.


How These 11 Geeks Will Make the Internet More Secure

October 24, 2014 Half a year on from Heartbleed, what’s changed?

A reflection of the Department of Homeland Security logo in the eyeglasses of a cybersecurity analyst at the watch and warning center of the Department of Homeland Security's secretive cyber defense facility in Idaho Falls, Idaho.

DHS No Longer Needs Permission Slips to Monitor Other Agencies' Networks for Vulnerabilities

October 3, 2014 New rules published by the Office of Management and Budget require agencies to agree to proactive scanning.

Federal Network Security: 4 Easy Steps to Get the Basics Right

September 2, 2014 With so many resources focused on preventing the next big security threat, are agencies vulnerable to the rest of the threats out there?

The Joint Polar Satellite System

Thousands of Weather Satellite Bugs Won’t Be Fixed For Years

August 26, 2014 IG slams Raytheon and NOAA for failing to fix security holes on ground control system.

Will Obama's New Tech Squad Include Cyber Experts?

August 25, 2014 Digital Service team announcement didn’t mention privacy or security, while snoops continue targeting Internet users.

After Heartbleed, Is Open Source More Trouble Than It’s Worth?

August 25, 2014 Technology leaders should take another look at the critical but oft-forgotten infrastructure their agencies are riding on.

Two Months Later, Heartbleed is Still a Major Issue

June 24, 2014 More than 300,000 systems remain affected by Heartbleed.

Who Needs Heartbleed When Many Dot-Govs Don't Even Encrypt Communications?

June 11, 2014 26 percent of federal websites lack the proper configuration to thwart attackers from intercepting data entered by citizens, study finds.

Another Heartbleed-Style OpenSSL Vulnerability Discovered

June 6, 2014 The new bug SSL/TLS MITM was posted by the OpenSSL group in a formal advisory on Thursday.

Heartbleed Superbug Found in Utility Monitoring Systems

May 16, 2014 Patches are available to fix the vulnerability.

How Computer Viruses Get Their Names

May 6, 2014 From Heartbleed to Koobface, these digital threats get named in a variety of ways.

How the NSA Undermines Cybersecurity to Protect You

April 30, 2014 As part of its push for mass surveillance, the spy agency has taken steps to sabotage cybersecurity.

Why the U.S. Government Is Extra Worried About the Huge Internet Explorer Bug

April 28, 2014 Old computers are much more vulnerable.

Heartbleed Means Users Must Reset Passwords

April 19, 2014 The online marketplace's homepage directs users to change their login information.

How to Tell If Hackers Are Attacking Your Utility System Through Heartbleed

April 17, 2014 DHS issues bulletin listing 14 hallmarks of a Heartbleed breach.

Teen Arrrested for Exploiting Heartbleed to Hack Into Canadian Tax Agency

April 17, 2014 Ontario student is the first Heartbleed arrest.

Google Knew About Heartbleed and Didn’t Tell the Government

April 14, 2014 Companies may hesitate to cooperate with the feds after NSA surveillance revelations, ACLU technologist says.

Heartbleed Delays Taxes in Canada

April 14, 2014 You may want to change your tax software password.

Federal Websites Avoid Heartbleed Risks, DHS Says

April 11, 2014 But Akamai systems powering the Obamacare website contained the data-leaking vulnerability.

NSA Reportedly Exploited Heartbleed Bug for Spying Purposes

April 11, 2014 Because the agency hasn't already reportedly done enough.

Heartbleed Update: Sites That Tell You Which Passwords You Should Bother to Change

April 11, 2014 Your two-point to-do list for the weekend.

This image taken from a video posted by Internet hackers, Anonymous on the Greek Justice Ministry web site.

U.S. Promises Not to Sue Companies for Discussing Hacks

April 10, 2014 Feds want businesses to work together to thwart hackers -- and vulnerabilities like Heartbleed.

The Heartbleed Bug Shows How Fragile the Volunteer-Run Internet Can Be

April 10, 2014 It's the worst thing to happen to the Internet since it became a mass medium in the early 2000s, one CEO says.

How to Check If a Site Is Safe From 'Heartbleed'

April 9, 2014 Change your password in any case.

What You Need to Know About Heartbleed, the New Security Bug Scaring the Internet

April 9, 2014 You'll have to change all of your passwords, and temporarily avoid any site known to be vulnerable.