special report

Everything You Need to Know About Superbug Heartbleed

A coding flaw in the encryption software that underlies much of the Internet was disclosed on April 7, triggering a scramble as Web administrators tried to fix the problem on sites including Yahoo, Facebook, Tumblr and OKCupid.

Although government websites -- including -- appear to have used software that was vulnerable to the Heartbleed bug, all major federal sites avoided exposure, according to the Homeland Security Department. The White House denied speculation that the National Security Agency knew of and exploited Heartbleed.

Although it’s not clear Heartbleed was exploited before it was disclosed to the public, the vulnerability could have allowed hackers to access passwords, chats and other information from websites across the Internet. They also may have accessed information that would enable them to impersonate affected sites that have already implemented the coding patch.  

See our ongoing coverage of the vulnerability below.


Two Months Later, Heartbleed is Still a Major Issue

June 24 More than 300,000 systems remain affected by Heartbleed.

Who Needs Heartbleed When Many Dot-Govs Don't Even Encrypt Communications?

June 11 26 percent of federal websites lack the proper configuration to thwart attackers from intercepting data entered by citizens, study finds.

Another Heartbleed-Style OpenSSL Vulnerability Discovered

June 6 The new bug SSL/TLS MITM was posted by the OpenSSL group in a formal advisory on Thursday.

Heartbleed Superbug Found in Utility Monitoring Systems

May 16 Patches are available to fix the vulnerability.

How Computer Viruses Get Their Names

May 6 From Heartbleed to Koobface, these digital threats get named in a variety of ways.

Feds Would Have a Hard Time Keeping Zero-Days Under Wraps

April 30 The White House has established an interagency process to vet the pros and cons of disclosing future vulnerabilities.

How the NSA Undermines Cybersecurity to Protect You

April 30 As part of its push for mass surveillance, the spy agency has taken steps to sabotage cybersecurity.

Heartbleed Means Users Must Reset Passwords

April 19 The online marketplace's homepage directs users to change their login information.

How to Tell If Hackers Are Attacking Your Utility System Through Heartbleed

April 17 DHS issues bulletin listing 14 hallmarks of a Heartbleed breach.

Teen Arrrested for Exploiting Heartbleed to Hack Into Canadian Tax Agency

April 17 Ontario student is the first Heartbleed arrest.

Google Knew About Heartbleed and Didn’t Tell the Government

April 14 Companies may hesitate to cooperate with the feds after NSA surveillance revelations, ACLU technologist says.

Heartbleed Delays Taxes in Canada

April 14 You may want to change your tax software password.

Federal Websites Avoid Heartbleed Risks, DHS Says

April 11 But Akamai systems powering the Obamacare website contained the data-leaking vulnerability.

NSA Reportedly Exploited Heartbleed Bug for Spying Purposes

April 11 Because the agency hasn't already reportedly done enough.

This image taken from a video posted by Internet hackers, Anonymous on the Greek Justice Ministry web site.

U.S. Promises Not to Sue Companies for Discussing Hacks

April 10 Feds want businesses to work together to thwart hackers -- and vulnerabilities like Heartbleed.

The Heartbleed Bug Shows How Fragile the Volunteer-Run Internet Can Be

April 10 It's the worst thing to happen to the Internet since it became a mass medium in the early 2000s, one CEO says.

How to Check If a Site Is Safe From 'Heartbleed'

April 9 Change your password in any case.

What You Need to Know About Heartbleed, the New Security Bug Scaring the Internet

April 9 You'll have to change all of your passwords, and temporarily avoid any site known to be vulnerable.