Security Expert: On A Scale Of 1 To 10, The Hearbleed Bug Affecting Almost Everyone Online Is An 11
In a post on his personal blog, Schneier calls Heartbleed a "catastrophic" attack that could allow hackers to easily grab user names and passwords.
"On a scale of 1 to 10, this is an 11," he writes.Heartbleed is a flaw in OpenSSL, or the standard encryption many sites and online services use to keep your username and password encrypted. In theory, a hacker can use the Heartbleed flaw to access passwords, encrypted communications like instant messages, and even credit card information.
Schneier also speculates that someone could have intentionally added the Heartbleed bug to OpenSSL, but it's more likely it got in there by accident.