While I was attending Computers in Libraries, a story blew up on the Net about a vulnerability in OpenSSL that allows people to snoop the contents of a buffer overflow and receive data to which they are not cleared. Now, that’s a technical version of it. The simpler version is to say that OpenSSL is an encryption method to send secret information, like passwords, back and forth to servers. It’s supposed to be secure and the information sent over OpenSSL is supposed to be unreadable.
When you find out that it’s broken, and has been for two years, it’s like finding out that while everyone in your neighbourhood doesn’t have keys to your house, the keys they do have will still open your front door.
For the non-technical, no-jargon-please librarians out there, I offer a couple of excellent and easy-to-understand explanations of the Heartbleed bug. One is a cartoon and the other is a video from an expert on the World Wide Web. I think both of them explain Heartbleed in excellent, non-technical ways that everyone can understand.
And then, Tom Scott: