Everything You Need to Know About Superbug Heartbleed
A coding flaw in the encryption software that underlies much of the Internet was disclosed on April 7, triggering a scramble as Web administrators tried to fix the problem on sites including Yahoo, Facebook, Tumblr and OKCupid.
Although government websites -- including HealthCare.gov -- appear to have used software that was vulnerable to the Heartbleed bug, all major federal sites avoided exposure, according to the Homeland Security Department. The White House denied speculation that the National Security Agency knew of and exploited Heartbleed.
Although it’s not clear Heartbleed was exploited before it was disclosed to the public, the vulnerability could have allowed hackers to access passwords, chats and other information from websites across the Internet. They also may have accessed information that would enable them to impersonate affected sites that have already implemented the coding patch.
See our ongoing coverage of the vulnerability below.
October 24 Half a year on from Heartbleed, what’s changed?
October 3 New rules published by the Office of Management and Budget require agencies to agree to proactive scanning.
September 2 With so many resources focused on preventing the next big security threat, are agencies vulnerable to the rest of the threats out there?
August 26 IG slams Raytheon and NOAA for failing to fix security holes on ground control system.
August 25 Digital Service team announcement didn’t mention privacy or security, while snoops continue targeting Internet users.
August 25 Technology leaders should take another look at the critical but oft-forgotten infrastructure their agencies are riding on.
June 24 More than 300,000 systems remain affected by Heartbleed.
June 11 26 percent of federal websites lack the proper configuration to thwart attackers from intercepting data entered by citizens, study finds.
June 6 The new bug SSL/TLS MITM was posted by the OpenSSL group in a formal advisory on Thursday.
May 16 Patches are available to fix the vulnerability.
May 6 From Heartbleed to Koobface, these digital threats get named in a variety of ways.
April 30 The White House has established an interagency process to vet the pros and cons of disclosing future vulnerabilities.
April 30 As part of its push for mass surveillance, the spy agency has taken steps to sabotage cybersecurity.
April 28 Old computers are much more vulnerable.
April 19 The online marketplace's homepage directs users to change their login information.
April 17 DHS issues bulletin listing 14 hallmarks of a Heartbleed breach.
April 17 Ontario student is the first Heartbleed arrest.
April 14 Companies may hesitate to cooperate with the feds after NSA surveillance revelations, ACLU technologist says.
April 14 You may want to change your tax software password.
April 11 But Akamai systems powering the Obamacare website contained the data-leaking vulnerability.