OpenSSL: The single line of code that broke online security

On New Years Eve in 2011, at one minute before 11pm, a British computer consultant named Stephen Henson finished testing a new version of a popular piece of free security software. With a few keystrokes he released OpenSSL version 1.0.1 into the public domain. Now, more than two years later, the events of that night have shaken the foundations of the internet.

OpenSSL is used as the backbone of online security by hundreds of thousands of websites. One of the most popular features it provides is Transport Layer Security (TLS), which scrambles (encrypts) private communications. When you're checking your bank account or your webmail and you see that green padlock in your browser's address bar, you're using TLS.

This encryption is necessary because without it hackers and governments could easily intercept and read all the data passed around the internet. Think of TLS as a system of armoured cars that securely transport your data across the public internet between secure locations – from you own computer to your bank's servers, for example.