Conspiracy theories have been building about Heartbleed, but the man whose coding error caused the vulnerability says it was an honest mistake. Dr. Robin Seggelman, a German programmer, says he was trying to improve OpenSSL with the patch that introduced Heartbleed—his other patches to the open-source software project have fixed bugs and added new features. "It was a simple programming error," he tells the Sydney Morning Herald, and a "quite trivial" one at that—which happened to have a "severe" impact.
The OpenSSL consultant who reviewed the patch missed the mistake too—reviewers generally look only at how an algorithm works, not the code itself, one expert explains. Seggelman, 31, is an influential and burgeoning academic who has been working on cybersecurity issues since 2009. He introduced the patch on New Year's Eve, 2011. "It's hard to be mad at a guy so devoted to a project that he was doing bug fixes on a holiday," writes Kashmir Hill at Forbes. In other Heartbleed news:
- A Google Security researcher who helped expose the bug is donating the $15,000 reward he earned for doing so to a crowdfunding campaign to create encryption tools for journalists to help them avoid the watchful eye of the NSA and US government, the Daily Dot reports. Neel Mehta's contribution pushed the campaign over its $100,000 goal.
- Meanwhile, security experts warn Reuters that the Heartbleed bug's impact could extend beyond web servers, possibly allowing hackers to crack mobile phones and even security products like firewalls.