"Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!"

The Heartbleed bug turned ten years old on April 1. In March 2014, Google and Codenomicon discovered the Heartbleed bug in OpenSSL, and it was reported on April 1, 2014. The issue was a small error in the OpenSSL implementation of the TLS/DTLS protocols in versions 1.0.1 to 1.0.1f, but the impact was significant. It enabled the theft of X.509 certificate secret keys, usernames and passwords, communications, and documents by remote attackers. According to Netcraft figures from April 2014, two-thirds of the Internet used servers that applied OpenSSL, and exploitation was undetectable. Heartbleed rendered most certificates vulnerable. The future problem is that quantum decryption will render all certificates and everything else using RSA encryption vulnerable. Kevin Bocek, Venafi's chief innovation officer, compared Heartbleed to the future quantum debacle known as QuantumBleed. This article continues to discuss the history of the Heartbleed bug and the future problem of quantum decryption making all certificates and everything else using RSA encryption vulnerable.

SecurityWeek reports "Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!"

Submitted by grigby1

Submitted by Gregory Rigby on