Heartbleed Bug Fixes Threaten to Cause Major Internet Disruptions in Coming Weeks

by  Brian Fung, The Washington Post 

 Major disruptions to the Internet are expected over the next several weeks as companies scramble to fix the Heartbleed bug, which enables hackers to create replica websites where data can be intercepted using stolen security certificates.

The upcoming surge in sites revoking and reissuing security certificates within a short time span is expected to drastically impact loading times as estimates of the severity of the bug’s damage increases almost daily. Cybersecurity experts say there are few good options for addressing the Heartbleed vulnerability, which by some estimates affected as much as two-thirds of the Internet.

Although there have not been any reported incidents of anyone exploiting the Heartbleed vulnerability, nine hours after CloudFare challenged hackers to steal a dummy server’s security certificate, Fedor Indutny did it.

Although many websites quickly updated their systems following the Heartbleed revelations, CloudFare’s challenge indicates that affected sites must revoke their existing security certificates and get new ones. Doing so would make the lists of revoked security certificates that are downloaded by Web browsers much longer than normal, which in turn would significantly slow down the process of verifying a site’s identity. However, Atlantic Council cybersecurity scholar Jason Healey says the only other option is to do nothing, which he says is not realistic.

Read the article in the Washington Post