When the Heartbleed vulnerability made headlines last spring, Internet companies went into a frenzy: Creating patches, moving away from OpenSSL, and warning users to reset their passwords.
But while we haven’t heard much about it lately — and many servers have been updated to avoid it — Heartbleed is still very much a problem.
The problem is that OpenSSL is in everything.
“It’s an infrastructure hack, and it’s deep … it puts into question everything that we use on the Internet,” said Sami Nassar, CEO of secure element chip maker NXP.
He calls Heartbleed the death knell for SSL. While some will argue that SSL became obsolete a long time ago, its use is still pervasive. So what’s scary to Nassar is that though the news cycle around Heartbleed ended long ago, the damages are still ravaging on.