Skip to main content

"Could trying to fix Heartbleed slow down the Internet?" experts worry

Browsing speeds across the Internet could be slowed down, analysts say, as thousands of sites attempt to defeat attacks stemming from the recent Heartbleed bug reveal.

Just the sheer number of sites attempting to fix the bug at the same time could cause delays, while the updates could force browsers to check long lists of safe sites in order to reach them.

Read more: How worried should you be about Heartbleed?

About half a million websites are thought to have been vulnerable to the bug, which allowed attackers to slowly leech data from affected web servers.

Google, Facebook, OKCupid and DropBox, among other sites, have now successfully patched their versions of security software OpenSSL, which the bug exploited.

"It would be safest to assume that all of the 500,000 certificates have been compromised," security analyst Paul Mutton told the BBC. "Most Certificate Authorities are offering to reissue and revoke for free, so there is no excuse not to take action."

The reissuing of these certifactes, however, Mutton warns, could have a knock-on effect on speed of web browsers. As secrurity certificates are revoked, browsers will have extra work to do to discover if a websites credentials are genuine.

"Certificate revocation has always been a bottleneck since SSL was invented," said Dr Mark Manulis, a senior lecturer at the University of Surrey's computing department who specialises in cryptography. "Each browser would have to contact each of those authorities and download the lists because those lists are not shared."

See more: Millions of Android users at risk from Heartbleed

In the wake of Heartbleed, OpenSSL has sent out pleas for donations to fund the recruitment of specialists to help maintain the ubiquitous security software.

"If you're a corporate or government decision-maker in a position to do something about it, give it some thought," wrote president Steve Marquess in a blog post.