Internet bug’s pain not over
THE heartache from the Heartbleed internet flaw is not over: experts say the fix may lead to disruption.
The good news is that most vulnerable sites have patched their systems. The bad news is that web browsers might be overloaded by the overhaul of security certificates, says Johannes Ullrich of the SANS Internet Storm Center.
For each patch, browsers must update their list of “untrusted” cer- tificates or “keys” to be rejected.
“For the fix, the website needs to obtain a new private key and the old key has to be revoked,” he says. Browsers usually update dozens of keys daily, but Heartbleed may push this to tens of thousands.
If the verification process takes too long, says Ullrich, the browser might simply declare the site invalid — which might lead confused users to ignore the warnings. — AFP