Windows Has a Huge Vulnerabilty, Get the Patch Now

As scary as Heartbleed was this past spring, it looks like virtually every Microsoft Windows user is in for a little deja vu. Microsoft just released a critical patch for a huge server vulnerability—one that affects quite a few current versions of Windows out there. » 11/11/14 3:58pm 11/11/14 3:58pm

Google Found a Vulnerability In the SSL Encryption That Keeps Data Safe

While it's not causing Heartbleed-levels of panic—yet—this news is a little disconcerting: Google has discovered a vulnerability in an older version of SSL, which basically keeps everything we do on the web protected. » 10/14/14 7:01pm 10/14/14 7:01pm

Are Bugs Like Shellshock and Heartbleed Really Serious, or Just Hype?

Dear Lifehacker,
So Shellshock is the newest vulnerability that may "break the internet." The last time they said that, it was about Heartbleed. Do I really need to be worried about all these bugs and vulnerabilities, or is this stuff tech companies need to care about? Can someone actually use these against me? » 10/01/14 11:34am 10/01/14 11:34am

More than Half of Heartbleed-Vulnerable Servers Are Still Exposed

Over 300,000 servers out of the 600,000 that were vulnerable to Heartbleed are still unpatched two months after the nasty vulnerability in OpenSSL was discovered by a Google engineer. » 6/22/14 12:05pm 6/22/14 12:05pm

Internet Vulnerability Left Encrypted Data Exposed For 10 Years

It's been just a few months since the Heartbleed OpenSSL security flaw was discovered, and we're again learning about gaping hole in the widely used security protocol. The good news is that there's a fix. The bad news is that the vulnerability has existed for a decade, and we'll never know how much it was exploited. » 6/05/14 11:34am 6/05/14 11:34am

One Month on, 300,000 Servers Remain Affected By Heartbleed

It's over a month since the world was alerted to the Heartbleed bug, but that doesn't mean we should have forgotten about it. Quite the opposite in fact, because 300,000 servers apparently remain affected by the security hole. » 5/09/14 3:45am 5/09/14 3:45am

Developers: Heartbleed-Affected OpenSSL Code Is Beyond Repair

OpenSLL is screwed, and as a result we've got Heartbleed. But now a team of developers working to overhaul the code have deemed it beyond repair—and are instead creating an alternative, forked version. » 4/23/14 5:00am 4/23/14 5:00am

U.S. Gov't Changed Your HealthCare.gov Password Because of Heartbleed

Heartbleed, the gaping flaw that left the internet's security gate wide open for more than two years, is causing headaches for yet another site: the beleagured Healthcare.gov. The government says the site has not been compromised, but officials have reset all user passwords "out of an abundance of caution." » 4/19/14 3:00pm 4/19/14 3:00pm

Running the Heartbleed Code to See Exactly How It Works

By now, you've read all about Heartbleed—but what, exactly, does it look like in action? Thankfully some nerdy brave computer scientists have run it, so you don't have to. » 4/18/14 7:30am 4/18/14 7:30am

Canadian Teen Is the First Arrested for Stealing Data With Heartbleed

In what's sure to be the first of many to come, a 19-year-old Canadian man was arrested for exploiting the Heartbleed bug to lift taxpayer data from a government website, making this the first official Heartbleed-related arrest. » 4/16/14 3:53pm 4/16/14 3:53pm

How to Check If Your Android Device Could Be Hacked via Heartbleed

Heartbleed is causing heartache on hundreds of servers all over the internet, but security researchers have also warned that the bug could allow direct hacks of Android, too. Here's how to check if your device is at risk. » 4/15/14 6:45am 4/15/14 6:45am

NYT: Obama Lets the NSA Exploit Some Internet Flaws

Over the weekend, it was revealed that President Obama thinks that when the National Security Agency discovers major flaws in Internet security, they should be allowed to exploit it if there's a "a clear national security or law enforcement need." » 4/14/14 3:40am 4/14/14 3:40am

Report: NSA Used Heartbleed to Spy on People for Years

It's true. After days of speculation over whether the NSA knew about the Heartbleed vulnerability that affected as many as two thirds of the websites on the internet, two anonymous sources tell Bloomberg that the NSA didn't just know about it, they used it to gather intelligence. » 4/11/14 3:05pm 4/11/14 3:05pm

How a Great Logo Helped Make You Actually Care About Heartbleed

You might not understand the how Heartbleed works, but you definitely heard about it this week. And with it, that drippy, maroon, bleeding heart logo—which is part of what made the story so memorable. In fact, the way Heartbleed was presented by the team that discovered it is a model for how technology issues should… » 4/11/14 2:00pm 4/11/14 2:00pm

Heartbleed Affects Routers, Too

Some more heartache from Heartbleed: it affects routers, too. Cisco Systems and Juniper Networks have announced that the security hole that is Heartbleed has been found in their networking equipment. » 4/11/14 3:21am 4/11/14 3:21am

How Secure Are Your Favorite Websites?

Heartbleed is a scary thing. Aside from the violent-sounding name, the vulnerability in OpenSSL security protocols spans the entire internet and affects most of the sites we know, love, and use on a daily basis. Even outside of Heartbleed, not all security protocols are created equal. So how do you know who to trust? » 4/10/14 2:24pm 4/10/14 2:24pm

The Heartbleed-Vulnerable Passwords You Need to Change Right Now

By now, chances are you've already heard about the preposterously huge security hole in SSL. You've also probably heard how it could easily have left you exposed to all sorts of nefarious activity over the past few years. Now, thanks to Mashable, we also have a better idea of exactly which websites had the flaw. » 4/10/14 1:06pm 4/10/14 1:06pm

LastPass Now Tells You Which Heartbleed-Affected Passwords to Change

This week, a giant security hole came to light that affects a large portion of the internet. As different sites recover, you'll need to change your passwords, and now LastPass tells you when to do so. » 4/10/14 8:53am 4/10/14 8:53am

How Heartbleed Works: The Code Behind the Internet's Security Nightmare

By now you've surely heard of Heartbleed, the hole in the internet's security that exposed countless encrypted transactions to any attacker who knew how to abuse it. But how did it actually work? Once you break it down, it's actually incredibly simple. And a little hilarious. But mostly terrifying. » 4/09/14 2:59pm 4/09/14 2:59pm

The Simple Secruity Measure That Could've Stopped Heartbleed Dead

We learned yesterday of a catastrophic bug, nicknamed "Heartbleed," that has critically threatened the security of some HTTPS sites since 2011. By some estimates, Heartbleed affects 2 out of 3 web servers on the Internet. » 4/09/14 3:35am 4/09/14 3:35am