Heartbleed is about to get worse, and it will slow the Internet to a crawl

The Heartbleed bug has put many consumers' user names and passwords at risk. Undetected for two years, the bug quietly undermined the basic security of the Internet.

But on top of all that, security researchers have now confirmed that Heartbleed could have been used by hackers to steal sensitive data needed to set up fake Web sites posing as legitimate ones. Analysts say criminals could use Heartbleed to impersonate as many as 500,000 sites across the Web. Those sites have yet to replace the security certificates responsible for verifying their identity to Web browsers.

But even after the sites do update their security certificates, Web browsers may still be unable to tell the difference between a fake site and the real one. Consumers could easily fall victim to online fraud if they go to one of the fake sites. It gets worse. The expected flood of certificate revocations is likely to seriously degrade the speed of the Internet, primarily because the global system for tracking certificate revocations is not equipped to handle such a massive change.