In 2011, a 29-year-old grad student at the University of Münster in Germany made some coding alterations to OpenSSL, the secure sockets layer used on half a million websites around the world, including banks, financial institutions and even Silicon Valley companies such as Yahoo, Tumblr, and Pinterest.

Unfortunately the code contained a security flaw. At one hour before midnight on New Year’s Eve 2011, a British computer consultant approved the new code and submitted it into the release stream, failing to notice the bug. The vulnerable code went into wide release in March 2012 as OpenSSL Version 1.0.1.

So began the “Heartbleed” vulnerability. For two years until it was noticed in April 2014 any attacker could exploit the vulnerability to obtain the “crown jewels” of the server itself, that is, the master key or password that would unlock all the accounts and enable access to everything coming or going from the server…