Heartbleed developer explains OpenSSL mistake that put Web at risk

The software developer who inserted a major security flaw into OpenSSL has said the error was "quite trivial" despite the severity of its impact, according to a new report.

The Sydney Morning Herald published an interview today with Robin Seggelmann, who added the flawed code to OpenSSL, the world's most popular library for implementing HTTPS encryption in websites, e-mail servers, and applications. The flaw can expose user passwords and potentially the private key used in a website's cryptographic certificate (whether private keys are at risk is still being determined).

The Herald reports:

Read 4 remaining paragraphs | Comments