If you find yourself unable to access your favorite websites over the next few weeks, don’t worry: The Internet isn’t broken, it’s just undergoing very needed repairs. The Washington Post has talked with some security experts who expect that patching the Heartbleed bug is going to cause major disruptions on the Internet for a while as major web companies scramble to guard their websites against a bug that caught the tech world flat-footed last week.
“Imagine if we found out all at once that all the doors everybody uses are all vulnerable — they can all get broken into,” Jason Healey, a cybersecurity scholar at the Washington-based Atlantic Council, told the Post. “The kinds of bad things it enables is largely limited only by the imagination of the bad guys.”
Heartbleed is a major flaw in OpenSSL, the security protocol used to encrypt web traffic, that could potentially allow hackers to swipe any data that users send over the web. News about the bug sent shockwaves throughout the tech industry last week as companies are now quickly trying to patch security holes on their own websites to keep their users’ data safe.
One big danger with Heartbleed is that it may allow hackers to steal the security certificates of Google, Facebook, Yahoo and other websites, which they can then use to create fake versions of those sites where unsuspecting users will hand over their user names and passwords. While this kind of hack is sophisticated and time consuming — as the Post notes, it took hacker Fedor Indutny around 2.5 million requests of a particular server before he got access to its certificates — it’s definitely possible for dedicated hackers who are determined to steal user data.
What this means is that websites everywhere now have to go through the arduous process of revoking their current security certificates and issuing new ones to make sure that hackers aren’t able to spoof their websites’ credentials. And because so many websites are going to be doing this all at once, we should expect some major disruptions to the Internet for a while until all the work is done.