View Single Post

Default 

April 12th, 2014, 23:48
The bug was actually created by a German engineer who has confessed it was an accident, and not intentional. Here is some of the information with links if anyone is curious. So I don't see the need to cry foul with conspiracy theories.

Link- http://www.latimes.com/business/tech…#axzz2yhtuRpC6
He lives in the German city of Munster and is among the community of programmers who contribute code to the OpenSSL project. OpenSSL is the open-source software that provides encryption for two-thirds of the Web's servers.

Seggelmann told the the Sydney Morning Herald that he did not notice the error when he wrote the flawed code that became the Heartbleed bug two years ago. And when he submitted it, the error was also missed by the person who reviewed the code.

"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," he told the Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length."

Seggelmann gave the interview in part to clarify that Heartbleed was a mistake, not deliberate. He wanted to counter rumors that it was part of some nefarious plot to create a backdoor to allow government security agencies to spy on Internet users.

"In this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area," he told the Herald. "It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."

"It's quite simple my word is the law around here, and failure to comply means termination."

RPGWatch News Editor & Moderator
Couchpotato is offline

Couchpotato

Couchpotato's Avatar
Evil Potato Overlord
RPGWatch Team

#144

Join Date: Oct 2010
Location: Potato Land
Posts: 10,756