Linked by Thom Holwerda on Tue 8th Apr 2014 22:06 UTC
Privacy, Security, Encryption

Heartbleed, a long-undiscovered bug in cryptographic software called OpenSSL that secures Web communications, may have left roughly two-thirds of the Web vulnerable to eavesdropping for the past two years. Heartbleed isn't your garden-variety vulnerability, so here's a quick guide to what it is, why it's so serious, and what you can do to keep your data safe.


Thread beginning with comment 586735
Monoculture is bad
by Alfman on Wed 9th Apr 2014 05:24 UTC

My own web servers were affected because they used OpenSSL. Just goes to show why monoculture is bad.

If something powers 66% of the web, that's too much risk. Independent implementations are an important part of diversity; however, in the security community that tends to be discouraged. ;)

Reply Score: 4

RE: Monoculture is bad
by Lennie on Wed 9th Apr 2014 10:00 in reply to "Monoculture is bad"

A small part of that 66% of all webservers is actually Apache servers with GnuTLS instead of OpenSSL, if that makes you feel better. ;-)

Reply Parent Score: 3

RE[2]: Monoculture is bad
by bert64 on Wed 9th Apr 2014 10:08 in reply to "RE: Monoculture is bad"

An even bigger portion of Apache servers don't use SSL at all...
Plenty of non-apache webservers also use openssl...
Lots of people are running old versions which date from before this bug was introduced, and thus were never vulnerable.

This is an issue with openssl rather than apache, and apache itself is quite diverse - many different versions running on many different platforms with many different configurations. It's not ideal but it could be a lot worse.

Reply Parent Score: 4