There's been a lot of (completely justified) freaking out over the Heartbleed Bug, which was recently unearthed in a widely used piece of server software called OpenSSL. This is a really serious problem: it created a huge security hole that could be exploited by hackers, and, most disturbingly, it would allow said hackers to steal information without leaving any traces in the server logs. In other words, there's absolutely no way to know if your system has been compromised, so the assumption must be that it has.
Yes, this is a great big computer security mess. Absolutely.
What this isn't is surveillance. This is a screw-up.
Dr Seggelmann, of Münster in Germany, said the bug which introduced the flaw was "unfortunately" missed by him and a reviewer when it was introduced into the open source OpenSSL encryption protocol over two years ago.
"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," he said.
"In one of the new features, unfortunately, I missed validating a variable containing a length."
After he submitted the code, a reviewer "apparently also didn’t notice the missing validation", Dr Seggelmann said, "so the error made its way from the development branch into the released version." Logs show that reviewer was Dr Stephen Henson.
Dr Seggelmann said the error he introduced was "quite trivial", but acknowledged that its impact was "severe".
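The "missing validation" the quotes describe is a bounds check: a heartbeat message declares its own payload length, and the handler has to compare that declared length against how many bytes actually arrived before copying anything. The C below is an added illustration written for this post, not OpenSSL's own code; it assumes the heartbeat record layout from RFC 6520 (one type byte, a two-byte big-endian payload length, the payload, then at least 16 bytes of padding) and uses constructed sample records. The function names (`hb_validate`, `hb_build_response`) are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Heartbeat record layout (RFC 6520):
 *   type(1) | payload_length(2, big-endian) | payload | padding(>= 16) */
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16
#define HB_REQUEST     1
#define HB_RESPONSE    2

/* Returns 0 and sets *payload_len when the declared payload, plus header and
 * minimum padding, fits inside the bytes actually received; returns -1 otherwise.
 * The comparison against rec_len is the step the original code lacked. */
int hb_validate(const uint8_t *rec, size_t rec_len, size_t *payload_len)
{
    if (rec == NULL || payload_len == NULL) return -1;
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return -1;   /* too short to be a record */
    if (rec[0] != HB_REQUEST && rec[0] != HB_RESPONSE) return -1;
    size_t declared = ((size_t)rec[1] << 8) | rec[2];
    /* Declared length is attacker-controlled; it must be checked against reality. */
    if (HB_HEADER_LEN + declared + HB_MIN_PADDING > rec_len) return -1;
    *payload_len = declared;
    return 0;
}

/* Builds a heartbeat response by echoing only a validated payload.
 * Returns the number of bytes written to out, or 0 if the request is discarded
 * (which is also what the fixed OpenSSL does: silently drop the record). */
size_t hb_build_response(const uint8_t *req, size_t req_len, uint8_t *out, size_t out_cap)
{
    size_t plen;
    if (hb_validate(req, req_len, &plen) != 0 || req[0] != HB_REQUEST) return 0;
    size_t total = HB_HEADER_LEN + plen + HB_MIN_PADDING;
    if (out == NULL || total > out_cap) return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(plen >> 8);
    out[2] = (uint8_t)(plen & 0xff);
    /* plen bytes are known to exist inside req, so this copy cannot read past it. */
    memcpy(out + HB_HEADER_LEN, req + HB_HEADER_LEN, plen);
    /* Padding; a real implementation fills this with random bytes. */
    memset(out + HB_HEADER_LEN + plen, 0, HB_MIN_PADDING);
    return total;
}

/* Constructed sample records (not captured traffic). Both are 23 bytes long. */
static const uint8_t good_req[] = { HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };          /* declares 4, carries 4 */
static const uint8_t bad_req[]  = { HB_REQUEST, 0xFF, 0xFF, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };          /* declares 65535, carries 4 */

int main(void)
{
    uint8_t out[64];
    size_t n = hb_build_response(good_req, sizeof good_req, out, sizeof out);
    printf("well-formed request   -> response of %zu bytes\n", n);
    n = hb_build_response(bad_req, sizeof bad_req, out, sizeof out);
    printf("over-declared request -> %zu bytes (0 means discarded)\n", n);
    return 0;
}
```

The over-declared record is exactly the shape that an unchecked handler would have echoed back with whatever happened to follow the four real payload bytes in memory; with the check in place it is simply dropped. Because the dropped record never reaches application code, logging at this layer (or at the TLS library's alert/error hooks) is the only place such requests can be counted, which is why the post's point about empty server logs holds.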