By Ian Barker

 

Most information security scares come and go with relatively little fanfare, some though make a splash and catch the attention of the public and media.

Heartbleed was the latest to fall into the latter category and sent the IT world into a bit of a frenzy. But how bad was it really? Security specialist Secunia rates vulnerabilities on a one to five scale and given the amount of publicity it received you might expect Heartbleed to be at the top end.

 In fact Secunia only rates it as a "moderately critical" three, a score usually used for denial of service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction.

Secunia's Director of Research and Security, Kasper Lindgaard explains, "It gets this rating because it enables information retrieval from remote without any user interaction or authentication requirements".

You can read more on Lindgaard's blog and Secunia has produced an infographic charting the timeline of the bug which you can see below.

 

 

betanews/ full read here/ http://betanews.com/2014/06/20/heartbleed-really-that-bad/