Heartbleed: Living the nightmare
With the mainstream media and general public now used to big tech stories, Heartbleed may be the most famous software vulnerability in history. Is it the worst ever?
It's up there. The pervasiveness of technology and our reliance on encryption, and on SSL/TLS in particular, make us sitting ducks for Heartbleed attackers, if there are any out there. On top of that, Heartbleed was partly a zero-day vulnerability: when the news broke, the fixes were in progress but far from complete.
And the consequences of Heartbleed are widespread. It may be that every SSL digital certificate needs to be reissued. You may need to change most, maybe all, of your passwords. These things take time, and while they are taking their time we're open to attack.
In this gallery we have collected 15 of the most severe vulnerabilities in tech history. All the vulnerabilities are in software. One purely hardware vulnerability suggested to us — the thermal exhaust port on the Death Star — was deemed out of scope, even though it was a relatively critical bug.
SQL Slammer is the undisputed speed champion for vulnerabilities. With a tiny payload and through the magic of UDP, it spread across the world in a matter of minutes on January 25, 2003. (How tiny? The picture above is a complete disassembly of the worm, with comments added!)
The actual vulnerabilities exploited, multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE), had been patched months before by Microsoft, but there wasn't quite the sense of urgency back then that there is now about applying updates.
The breathtaking speed with which Slammer hit created fear of similar future attacks, but fortunately it was not to be. Slammer isn't the only worm we've had, but it's the only one that crossed the globe before anyone knew what was going on.
Image: Disassembly of Slammer worm, courtesy Immunity, Inc.