Heartbleed fixes could slow browsing speeds
Slow speeds predicted
The efforts to repair damage from the Heartbleed bug may cause internet browsing speeds to slow down, it has been reported.
According to the Washington Post, security experts believe the internet could “slow to a crawl” over the coming weeks. This is due to the huge number of sites that will be updating their security settings to prevent vulnerabilities caused by the bug.
Heartbleed is a security flaw which has affected an estimated 500,000 sites using OpenSSL to encrypt passwords and personal details. Many of these sites have now patched their OpenSSL software to fix the flaw.
However, it has recently been suggested that hackers could exploit the bug to steal the security certificate from a site’s server. This would allow a duplicate site to be set up, which the browser would not flag as dubious, possibly causing users to unwittingly hand over their details to the fake.
Experts believe the best way to prevent this latest vulnerability is for all sites affected to revoke their security certificates and issue new ones. However, when a user visits a secure site, most browsers will download the list of revoked security certificates to their computer, in order to check the site is secure. According to the Post, this could cause huge problems:
“Because sites rarely change their certificates, the lists are relatively short. But the Heartbleed exploit now requires hundreds of thousands of sites to add their certificates to the list, practically overnight. The certificate revocation lists will become bloated with new entries. And browsers will continue to download the now-massive files.”
Paul Mutton, consultant at security firm Netcraft, said this could equate to “hundreds of megabytes”.
Ranking reward for secure sites?
Meanwhile, speculation is mounting that Google could reward sites that use good encryption practices with better search rankings. It follows Matt Cutts stating in March that he would personally love to make encryption part of the algorithm.
Natalie Booth, head of search at theEword, commented: “If browsing speeds slow down significantly for a while as predicted, it could be annoying for users; it could have an impact on the businesses affected too, as customers are unable to use sites as they want. However, it’s a small price to pay for security.”