No joke, this company wants to be hacked with Heartbleed

Author: 
Coverage Type: 

Most of us have spent the last few days trying not to fall victim to the Heartbleed bug -- changing passwords, checking routers, making sure we're protected, and so on. But one company is actively inviting hackers to try to steal a secret key from a server that contains the vulnerability.

How can this possibly be a good idea?

Well, if the challenge works, it could help security researchers better understand Heartbleed and the danger it represents. Cloudflare, the Internet infrastructure company behind the hacking challenge, says that if somebody can prove that stealing that security key is possible, it would have tremendous implications for the Web's smooth performance.

So the company set up a dummy server with the Heartbleed vulnerability and is encouraging people to use it to break in.

The company's own tests suggest it's really hard to steal a certificate and impersonate someone. But it's impossible to be 100 percent sure; you can never really prove that something won't happen. So throwing more manpower at the problem will help tell us just how hard it is to steal a key. Cloudflare is now tracking "thousands" of people plugging away at the challenge. So far, nobody's solved it. Let's hope it stays that way.


No joke, this company wants to be hacked with Heartbleed