In April 2014, CVE-2014-0160 was released, better known as the Heartbleed bug. Heartbleed is devastating: it can reveal not just the user's sensitive information, but anything on the machine. In practice it has been used to export private keys for TLS/SSL certificates. These stolen private keys can then be used to impersonate a legitimate website for the purposes of stealing credentials, performing phishing attacks, and other malicious activity. It is hard to overstate the potential damage that Heartbleed could create. When Heartbleed was first released, Robert Graham scanned 28 million machines across the Internet and found that over 615,000 of them were vulnerable to Heartbleed. As soon as the vulnerability was disclosed, web hosting providers, commercial software vendors, and even[…]