Although OpenSSL is a library that most people outside of the technology industry have never heard of, its Heartbleed bug caught the attention of the mainstream press when it was uncovered in April 2014 because so many websites were vulnerable to theft of sensitive server and user data. At LinuxCon Europe, Rich Salz and Tim Hudson from the OpenSSL team did a deep dive into what happened with Heartbleed and the steps the OpenSSL team are taking to improve the project.
Heartbleed certainly shook up a lot of companies, and whilst a lot of companies did their best to get systems updated, doing so has caused side effects for users, including me.
I use an extension for Chrome/Chromium called HTTPS Everywhere, and this forces HTTPS connections to the site you’re visiting. However, since the patching of Heartbleed, some sites have started misbehaving and only work “properly” if I use either the Incognito mode (which means no extensions), or if I deactivate HTTPS Everywhere for the site in question. The side effect of this, unfortunately, means my net traffic to the site in question is exposed via non-secure HTTP. Fortunately, I have encountered only two sites so far which have this problem, neither of which I am too concerned about (at the moment):
If I encounter any more, I’ll post it here.