Linked by Thom Holwerda on Tue 8th Apr 2014 22:06 UTC
Privacy, Security, Encryption

Heartbleed, a long-undiscovered bug in cryptographic software called OpenSSL that secures Web communications, may have left roughly two-thirds of the Web vulnerable to eavesdropping for the past two years. Heartbleed isn't your garden-variety vulnerability, so here's a quick guide to what it is, why it's so serious, and what you can do to keep your data safe.

Serious.

Maybe This Will Wake people up.
by oiaohm on Thu 10th Apr 2014 00:33 UTC

Closed and Open Source SSL libraries have all had bugs of different levels of disaster.

We have acid tests for HTML. There are no vendor-neutral tests for SSL.

Remember, with the GnuTLS issue it was like "go use OpenSSL". In reality we do need more than 1 SSL library/solution. Bugs will come.

http://arstechnica.com/information-technology/2010/02/microsoft-war... Yes those anti-open source will forget this.

At some point we have to get serious about security.

1) If there is not a validation suite it cannot be secure.

Score: 2