Linked by Thom Holwerda on Tue 8th Apr 2014 22:06 UTC
Privacy, Security, Encryption

Heartbleed, a long-undiscovered bug in cryptographic software called OpenSSL that secures Web communications, may have left roughly two-thirds of the Web vulnerable to eavesdropping for the past two years. Heartbleed isn't your garden-variety vulnerability, so here's a quick guide to what it is, why it's so serious, and what you can do to keep your data safe.

Serious.

Permalink for comment 586751
To read all comments associated with this story, please click here.
RE[2]: Monoculture is bad
by bert64 on Wed 9th Apr 2014 10:08 UTC in reply to "RE: Monoculture is bad"
bert64
Member since:
2007-04-23

An even bigger portion of Apache servers don't use SSL at all...
Plenty of non-apache webservers also use openssl...
Lots of people are running old versions which date from before this bug was introduced, and thus were never vulnerable.

This is an issue with openssl rather than apache, and apache itself is quite diverse - many different versions running on many different platforms with many different configurations. It's not ideal but it could be a lot worse.

Reply Parent Score: 4