

April 12th, 2014, 23:48
The bug was actually created by a German engineer who has confessed it was an accident, and not intentional. Here is some of the information with links if anyone is curious. So I don't see the need to cry foul with conspiracy theories.

He lives in the German city of Munster and is among the community of programmers who contribute code to the OpenSSL project. OpenSSL is the open-source software that provides encryption for two-thirds of the Web's servers.

Seggelmann told the Sydney Morning Herald that he did not notice the error when he wrote the flawed code that became the Heartbleed bug two years ago. And when he submitted it, the error was also missed by the person who reviewed the code.

"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," he told the Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length."

Seggelmann gave the interview in part to clarify that Heartbleed was a mistake, not deliberate. He wanted to counter rumors that it was part of some nefarious plot to create a backdoor to allow government security agencies to spy on Internet users.

"In this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area," he told the Herald. "It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."

I also post news on Fluent's World on Google+.

"Time to use my +5 troll slaying broadsword again." - Couchpotato
The Overworked Potato


Join Date: Oct 2010
Location: Potato Land
Posts: 14,265