Computer security expert Bruce Schneier has weighed in on Heartbleed, the security flaw that opens up much of the Web to hacks.
In a post on his personal blog, Schneier calls Heartbleed a “catastrophic” attack that could allow hackers to easily grab user names and passwords.
“On a scale of 1 to 10, this is an 11,” he writes.
Heartbleed is a flaw in OpenSSL, or the standard encryption many sites and online services use to keep your username and password encrypted. In theory, a hacker can use the Heartbleed flaw to access passwords, encrypted communications like instant messages, and even credit card information.
Schneier also speculates that someone could have intentionally added the Heartbleed bug to OpenSSL, but it’s more likely it got in there by accident.