Skip to main content

Does the Heartbleed Bug Mean You Should Stay Off the Internet?

EFF IN THE NEWS

Does the Heartbleed Bug Mean You Should Stay Off the Internet?

While there is a fixed OpenSSL version that websites can download, it can take time to roll out the new program across a website's entire infrastructure. Budd notes that companies will have to weigh the risk of an attack against the potential that the entire website might come crashing down if a new coding error is introduced. That might dissuade companies from acting quickly. Additionally, after a website installs the new "fix," it needs to update its SSL certificate, a process that can take a little time. Jeremy Gillula, staff technologist at the Electronic Frontier Foundation, notes that even if a website has downloaded the fix, if it hasn't updated its certificates, it "could still be subject to a man-in-the-middle-attack on its users."

Wednesday, April 9, 2014
Mother Jones

Related Issues

JavaScript license information