special report

Everything You Need to Know About Superbug Heartbleed

A coding flaw in the encryption software that underlies much of the Internet was disclosed on April 7, triggering a scramble as Web administrators tried to fix the problem on sites including Yahoo, Facebook, Tumblr and OKCupid.

Although government websites -- including -- appear to have used software that was vulnerable to the Heartbleed bug, all major federal sites avoided exposure, according to the Homeland Security Department. The White House denied speculation that the National Security Agency knew of and exploited Heartbleed.

Although it’s not clear Heartbleed was exploited before it was disclosed to the public, the vulnerability could have allowed hackers to access passwords, chats and other information from websites across the Internet. They also may have accessed information that would enable them to impersonate affected sites that have already implemented the coding patch.  

See our ongoing coverage of the vulnerability below.


How These 11 Geeks Will Make the Internet More Secure

October 24 Half a year on from Heartbleed, what’s changed?

A reflection of the Department of Homeland Security logo in the eyeglasses of a cybersecurity analyst at the watch and warning center of the Department of Homeland Security's secretive cyber defense facility in Idaho Falls, Idaho.

DHS No Longer Needs Permission Slips to Monitor Other Agencies' Networks for Vulnerabilities

October 3 New rules published by the Office of Management and Budget require agencies to agree to proactive scanning.

Federal Network Security: 4 Easy Steps to Get the Basics Right

September 2 With so many resources focused on preventing the next big security threat, are agencies vulnerable to the rest of the threats out there?

The Joint Polar Satellite System

Thousands of Weather Satellite Bugs Won’t Be Fixed For Years

August 26 IG slams Raytheon and NOAA for failing to fix security holes on ground control system.

Will Obama's New Tech Squad Include Cyber Experts?

August 25 Digital Service team announcement didn’t mention privacy or security, while snoops continue targeting Internet users.

After Heartbleed, Is Open Source More Trouble Than It’s Worth?

August 25 Technology leaders should take another look at the critical but oft-forgotten infrastructure their agencies are riding on.

Two Months Later, Heartbleed is Still a Major Issue

June 24 More than 300,000 systems remain affected by Heartbleed.

Who Needs Heartbleed When Many Dot-Govs Don't Even Encrypt Communications?

June 11 26 percent of federal websites lack the proper configuration to thwart attackers from intercepting data entered by citizens, study finds.

Another Heartbleed-Style OpenSSL Vulnerability Discovered

June 6 The new bug SSL/TLS MITM was posted by the OpenSSL group in a formal advisory on Thursday.

Heartbleed Superbug Found in Utility Monitoring Systems

May 16 Patches are available to fix the vulnerability.

How Computer Viruses Get Their Names

May 6 From Heartbleed to Koobface, these digital threats get named in a variety of ways.

Feds Would Have a Hard Time Keeping Zero-Days Under Wraps

April 30 The White House has established an interagency process to vet the pros and cons of disclosing future vulnerabilities.

How the NSA Undermines Cybersecurity to Protect You

April 30 As part of its push for mass surveillance, the spy agency has taken steps to sabotage cybersecurity.

Heartbleed Means Users Must Reset Passwords

April 19 The online marketplace's homepage directs users to change their login information.

How to Tell If Hackers Are Attacking Your Utility System Through Heartbleed

April 17 DHS issues bulletin listing 14 hallmarks of a Heartbleed breach.

Teen Arrrested for Exploiting Heartbleed to Hack Into Canadian Tax Agency

April 17 Ontario student is the first Heartbleed arrest.

Google Knew About Heartbleed and Didn’t Tell the Government

April 14 Companies may hesitate to cooperate with the feds after NSA surveillance revelations, ACLU technologist says.

Heartbleed Delays Taxes in Canada

April 14 You may want to change your tax software password.

Federal Websites Avoid Heartbleed Risks, DHS Says

April 11 But Akamai systems powering the Obamacare website contained the data-leaking vulnerability.