This past year was notable for the number of critical security vulnerabilities that researchers discovered in widely used software. Several of these recently discovered bugs created major headaches for enterprise application development teams that had incorporated popular open source projects into their applications. Wired put together a list of the five worst of these vulnerabilities discovered in 2014:
- Heartbleed – the OpenSSL vulnerability that left two-thirds of Web servers open to hackers and enabled the theft of passwords and other sensitive data.
- Shellshock – a flaw in the Unix Bash shell that had existed for 25 years without anyone realizing it.
- Poodle – a bug in SSL version 3 that left users on open Wi-Fi networks vulnerable.
- Gotofail – another encryption flaw that affected Apple’s iOS and OS X users.
- BadUSB – any USB drive that uses rewritable chips (and users generally can’t tell whether their USB drive has these chips) is susceptible to malware if users plug it into an infected machine.