Everything You Need to Know About Superbug Heartbleed
A coding flaw in the encryption software that underlies much of the Internet was disclosed on April 7, triggering a scramble as Web administrators tried to fix the problem on sites including Yahoo, Facebook, Tumblr and OKCupid.
Although government websites -- including HealthCare.gov -- appear to have used software that was vulnerable to the Heartbleed bug, all major federal sites avoided exposure, according to the Homeland Security Department. The White House denied speculation that the National Security Agency knew of and exploited Heartbleed.
Although it’s not clear Heartbleed was exploited before it was disclosed to the public, the vulnerability could have allowed hackers to access passwords, chats and other information from websites across the Internet. They also may have accessed information that would enable them to impersonate affected sites that have already implemented the coding patch.
See our ongoing coverage of the vulnerability below.
October 24, 2014 Half a year on from Heartbleed, what’s changed?
October 3, 2014 New rules published by the Office of Management and Budget require agencies to agree to proactive scanning.
September 2, 2014 With so many resources focused on preventing the next big security threat, are agencies vulnerable to the rest of the threats out there?
August 26, 2014 IG slams Raytheon and NOAA for failing to fix security holes on ground control system.
August 25, 2014 Digital Service team announcement didn’t mention privacy or security, while snoops continue targeting Internet users.
August 25, 2014 Technology leaders should take another look at the critical but oft-forgotten infrastructure their agencies are riding on.
June 24, 2014 More than 300,000 systems remain affected by Heartbleed.
June 11, 2014 26 percent of federal websites lack the proper configuration to thwart attackers from intercepting data entered by citizens, study finds.
June 6, 2014 The new bug SSL/TLS MITM was posted by the OpenSSL group in a formal advisory on Thursday.
May 16, 2014 Patches are available to fix the vulnerability.
May 6, 2014 From Heartbleed to Koobface, these digital threats get named in a variety of ways.
April 30, 2014 The White House has established an interagency process to vet the pros and cons of disclosing future vulnerabilities.
April 30, 2014 As part of its push for mass surveillance, the spy agency has taken steps to sabotage cybersecurity.
April 28, 2014 Old computers are much more vulnerable.
April 19, 2014 The online marketplace's homepage directs users to change their login information.
April 17, 2014 DHS issues bulletin listing 14 hallmarks of a Heartbleed breach.
April 17, 2014 Ontario student is the first Heartbleed arrest.
April 14, 2014 Companies may hesitate to cooperate with the feds after NSA surveillance revelations, ACLU technologist says.
April 14, 2014 You may want to change your tax software password.
April 11, 2014 But Akamai systems powering the Obamacare website contained the data-leaking vulnerability.
April 11, 2014 Because the agency hasn't already reportedly done enough.
April 11, 2014 Your two-point to-do list for the weekend.
April 10, 2014 Feds want businesses to work together to thwart hackers -- and vulnerabilities like Heartbleed.
April 10, 2014 It's the worst thing to happen to the Internet since it became a mass medium in the early 2000s, one CEO says.
April 9, 2014 Change your password in any case.
April 9, 2014 You'll have to change all of your passwords, and temporarily avoid any site known to be vulnerable.