Heartbleed, a newly discovered security flaw in the most widely used software for encrypting web traffic, is indeed a “big deal”, as Fairfax and, well, everyone is reporting. It’s a real problem that could affect every Australian’s everyday security online in ways we’re only beginning to understand. Yet our cybersecurity policies focus on esoteric threats like terrorist attacks. Wrong.
More formally known as CVE-2014-0160, its catalogue number in the database of software security vulnerabilities now sponsored by the United States Department of Homeland Security, Heartbleed is a flaw in software called OpenSSL, which is used to encrypt internet traffic — including, typically, the data flows between your computer and a secure website, or between the apps running on your smartphone and the remote computers that provide the services in question.