2014 was the year of the mega-bug. We saw more and bigger attacks on software this year, especially on the so-called "legacy code" in established programs.
Here are the year's five most threatening software bugs, as presented by Wired:
1. Heartbleed. Exposed in April, Heartbleed triggered the biggest mass password reset of all time. Hackers were able to attack servers using OpenSSL through a flaw that existed for more than two years. Heartbleed allowed hackers to strip encryption and collect sensitive data directly from servers — and there was no way to tell what data had been stolen. Many embedded devices like webcams and printers are still not patched.
2. Shellshock. This bug lied dormant for 25 years until this September. Shellshock was a flaw in the Linux and Mac shell tool "bash" feature in which hackers could enter a specific string of characters in an HTTP request and run commands on web servers. Thousands of machines became part of botnets, or networks of computers that obey hacker commands.
3. Poodle. Detected by Google researchers, this encryption bug attacked PCs and phones connected to servers. It was a major threat for open WiFi networks because it allowed hackers to access data between online servers and victims' computers on the same network as the hacker.
4. Gotofail. Named for a misplaced "goto" command, this bug allowed Apple users' Internet traffic to be intercepted by users on the same local network. It was discovered in February and Apple first released a patch for iOS without having one ready for OSX. Essentially, this publicized the bug while leaving Apple OSX and desktop users vulnerable to attack.
5. BadUSB. This bug is nearly impossible to fix because it affects the firmware of USB chips, not the Flash memory, which is typically checked for viruses. Announced in July by researcher Karsten Nohl, BadUSB affects about half of USB chips. These chips are rewriteable and can be infected with malware, allowing hackers to control USB drives. In the words of Mr. Nohl, USB chips should now be treated like "syringes," and not shared or plugged into unknown machines.
More articles on health IT:
Dignity Health hospital reports data breach, found physician notes available online
CIOs: This personality trait could hinder your job performance