A few months ago a bug that came to be known as Heartbleed made the rounds. It is a serious bug that affects the most sensitive parts of the public internet, making it possible, under the right conditions, for almost anything that’s supposed to remain secret to be available for the asking: passwords, banking info, almost any other kind of personal info, all out there. Less obviously, the internal keys that run the secure infrastructure itself are also at risk, so even after the bug is patched, affected systems can still be compromised by someone who now holds a copy of those keys. So fixing the bug alone isn’t enough: ALL the internal keys and passwords need to be changed as well.
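The root cause behind the paragraph above was a missing bounds check: the server copied as many bytes as the client's request *claimed* to contain, not as many as it actually contained, so the reply carried whatever happened to sit next to the request in memory. The following is an added illustration, not code from the original post or from OpenSSL: a toy record layout (simplified, not the real TLS wire format) with the unchecked handler beside the checked one, and a constructed "secret" placed next to the request to show what the missing check exposes and what the fix prevents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy record layout (constructed for illustration only):
 *   byte 0    : message type
 *   bytes 1-2 : declared payload length, big-endian
 *   bytes 3.. : payload
 * record_len is how many bytes actually arrived for this record. */
#define HB_HEADER_LEN 3

typedef size_t (*hb_handler)(const uint8_t *record, size_t record_len,
                             uint8_t *out, size_t out_cap);

/* Defective pattern: trusts the declared length and never compares it with
 * the number of bytes that were really received. The copy runs past the end
 * of the request and into neighbouring memory. */
size_t heartbeat_reply_unchecked(const uint8_t *record, size_t record_len,
                                 uint8_t *out, size_t out_cap)
{
    (void)record_len; /* never consulted: this is the defect */
    uint16_t declared = (uint16_t)((record[1] << 8) | record[2]);
    if ((size_t)declared + HB_HEADER_LEN > out_cap)
        return 0;
    memcpy(out, record, HB_HEADER_LEN);
    memcpy(out + HB_HEADER_LEN, record + HB_HEADER_LEN, declared); /* over-read */
    return (size_t)declared + HB_HEADER_LEN;
}

/* Hardened pattern: the declared length must fit inside what was received;
 * otherwise the record is dropped and no reply is produced. */
size_t heartbeat_reply_checked(const uint8_t *record, size_t record_len,
                               uint8_t *out, size_t out_cap)
{
    if (record_len < HB_HEADER_LEN)
        return 0;
    uint16_t declared = (uint16_t)((record[1] << 8) | record[2]);
    if ((size_t)declared + HB_HEADER_LEN > record_len)
        return 0; /* claimed more than was sent: reject */
    if ((size_t)declared + HB_HEADER_LEN > out_cap)
        return 0;
    memcpy(out, record, HB_HEADER_LEN);
    memcpy(out + HB_HEADER_LEN, record + HB_HEADER_LEN, declared);
    return (size_t)declared + HB_HEADER_LEN;
}

/* Builds a 6-byte request that declares a 40-byte payload, places a
 * constructed secret a few bytes after it in the same buffer, and reports
 * whether the handler's reply contains that secret (1) or not (0). */
int reply_contains_secret(hb_handler handler)
{
    uint8_t memory[64];
    memset(memory, 0, sizeof memory);
    memory[0] = 1;                 /* request type */
    memory[1] = 0; memory[2] = 40; /* declared length 40, actual payload 3 */
    memcpy(memory + 3, "abc", 3);
    const size_t record_len = 6;

    const char *secret = "SECRET-KEY-MATERIAL"; /* constructed, not real */
    size_t slen = strlen(secret);
    memcpy(memory + 16, secret, slen);

    uint8_t reply[64];
    size_t n = handler(memory, record_len, reply, sizeof reply);
    for (size_t i = 0; n >= slen && i + slen <= n; i++)
        if (memcmp(reply + i, secret, slen) == 0)
            return 1;
    return 0;
}

int main(void)
{
    printf("unchecked handler leaks secret: %d\n",
           reply_contains_secret(heartbeat_reply_unchecked));
    printf("checked handler leaks secret:   %d\n",
           reply_contains_secret(heartbeat_reply_checked));
    return 0;
}
```

The over-read in the toy stays inside the 64-byte buffer so the program is deterministic; in a real process the same copy walks into whatever the allocator placed nearby, which is why the post's point about rotating keys after patching matters: the check stops future leaks, but it cannot recover anything already copied out.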

As usual, XKCD has a great visualization of the bug.

There are several factors that put this into a different category than other bugs. If your copy of Microsoft Word crashes, that’s annoying, and potentially catastrophic for you personally if you lose your precious data. But that kind of bug only affects one user at a time. You can ignore it (as millions apparently do) or press the manufacturer for a fix.

Heartbleed affects everyone. It attacks infrastructure. Imagine the postal system suddenly having all its envelopes turn transparent. Imagine the voting system suddenly no longer being private. We only squeaked by because the huge segment of the internet running the affected software was able to update to a fixed version quickly (though firmware burned into routers, printers, etc. is more difficult to update). Since then, other bugs in the same vein have surfaced. Imagine several of these bugs hitting at the same time.

I can imagine a scenario where cross-dependencies among multiple critical bugs get so tangled that there isn’t an easy way out. Scary thought, but this is just the beginning…