So. We all know of the outbreak that was announced some time back about why we should change our passwords on anything using OpenSSL (basically 2/3rds of the internet), but most people don't know how it actually worked, or how minor an error it was. This bug existed and went undetected for 2 years, not because of cover-ups (well, the NSA DID cover it up, but we're not talking about that), but because the error was on a SINGLE LINE OF CODE with a SINGLE out-of-place function. For those that don't program, a function is an idea in programming that takes inputs, processes them, and returns a single output.
Basically, a function in the heartbeat protocol, a part of SSL, did what it needed to do, but the way it worked was that it sent the client part of the computer's memory. This wouldn't normally be a problem, because the data that was supposed to be sent back to the client should have been all that was in that memory, and the amount of it was decided by the payload. However, if the client asks for a payload larger than what it actually sent, the server sends back whatever else happens to be in its memory. Sometimes this can be stuff like passwords.
For the previous paragraph, a TL;DR would be this video, which is my source. The creator sets up a website of his own and attacks it with Heartbleed to show what it does.
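To make the paragraphs above concrete, here is an added example (mine, not code from the post, the video, or OpenSSL) that mimics the heartbeat handling on a constructed 128-byte memory image: the client claims a 64-byte payload but sends 4 bytes, and the only difference between the leaking version and the fixed one is a single length check against the bytes actually received. The record layout follows RFC 6520; the "password" sitting next to the record is constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory image: a TLS heartbeat record (RFC 6520: type, 2-byte length,
 * payload, >=16 bytes padding) followed by data the server never meant to send. */
#define REC_LEN (1 + 2 + 4 + 16)               /* real record: 4-byte payload + 16 padding */
static uint8_t arena[128];
static uint8_t response[3 + 0xffff];           /* big enough for any claimed length */

static void build_arena(uint16_t claimed_len) {
    memset(arena, 0, sizeof arena);
    arena[0] = 1;                              /* heartbeat_request */
    arena[1] = (uint8_t)(claimed_len >> 8);    /* client-controlled length field */
    arena[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(arena + 3, "ping", 4);              /* the payload actually sent */
    memcpy(arena + REC_LEN, "password=hunter2", 16); /* adjacent memory (constructed) */
}
/* Builds the heartbeat response into `response`. Returns its length, or -1 if the
 * record is discarded. fixed == 0 trusts the claimed length (the Heartbleed bug);
 * fixed == 1 checks it against the bytes actually received, as the fix did. */
static int process_heartbeat(const uint8_t *rec, size_t rec_len, int fixed) {
    if (rec_len < 3 || rec[0] != 1) return -1;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if (fixed && (size_t)1 + 2 + payload_len + 16 > rec_len)
        return -1;                             /* claimed length exceeds the record: discard */
    response[0] = 2;                           /* heartbeat_response */
    response[1] = rec[1];
    response[2] = rec[2];
    memcpy(response + 3, rec + 3, payload_len); /* unchecked: reads past the 4 real bytes */
    return 3 + payload_len;
}
/* One scenario: the client claims a 64-byte payload but sends 4. */
int heartbeat_demo(int fixed) {
    build_arena(64);
    return process_heartbeat(arena, REC_LEN, fixed);
}
/* 1 if the first n response bytes contain the adjacent secret, else 0. */
int response_leaks_secret(int n) {
    for (int i = 0; i + 7 <= n; i++)
        if (memcmp(response + i, "hunter2", 7) == 0) return 1;
    return 0;
}

int main(void) {
    int n = heartbeat_demo(0);
    printf("unchecked: %d bytes sent, secret leaked: %d\n", n, response_leaks_secret(n));
    printf("checked:   %d (record silently discarded)\n", heartbeat_demo(1));
}
```

The unchecked path answers with 67 bytes, 44 of which are padding and neighbouring memory the client never sent; the checked path returns -1 and sends nothing.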
Also, this is NOT about Heartbleed in particular; I'm just using it as an example of what can go wrong: how a single, ever so slightly malformed line of code can cause a catastrophe that shakes the security of the internet. This is a warning to the many programmers who plan to create professional programs. Here are a few tips I keep in mind while programming.
NEVER, and I mean NEVER, trust the client. Assume that the client is either a) a malicious hacker or b) someone who doesn't know how to use the software correctly (and that is probably true of most casual computer users who use their computers as a home office or for iTunes).
ALWAYS think of what can go wrong in every function you write. What if you try to launch a URL based on what someone types in and it's not a valid URL? Perhaps you can add an if statement checking that the URL is valid before launching it. I usually look up all the exceptions a function can throw and see if any of them can be triggered by clicking around the buttons in the software, or by modifying a text file it uses for options.
Make sure the way you are doing something isn't sloppy. If you find a better way to do it halfway through development, USE IT.
And just for normal people: if you hear that something like Heartbleed has broken out, just change your password. That is all you can do. It is also wise to check that the site you are using has a patched version of OpenSSL before using it.