Robin Seggelmann, a programmer based in Germany, submitted the code in an update at 11:59pm on New Year's Eve, 2011. It was supposed to enable a function called “Heartbeat” in OpenSSL, the software package used by nearly half of all web servers to enable secure connections.
His update did enable Heartbeat, but an “oversight” led to an error with major ramifications: it accidentally created the “Heartbleed” vulnerability, which has been described as a “catastrophic” flaw that laid the contents of thousands of web servers open to hackers.
It has also been discovered in Cisco and Juniper routing gear, which could mean that hackers are able to capture sensitive data, such as passwords, passing over the internet.
Perhaps more oversight is needed to prevent future oversights on software installed on “half of all web servers” and enterprise network equipment, not that I mind at all redoing all my passwords.