This week in computer security
View Single Post
April 13th, 2014, 03:13
Well they (cloudflare and russian developers) proved that it is much more serious bug than I first figured it for. Fortunately it got a lot of attention so most IT people running websites have had to check their websites for the vulnerability. I don't blame the programmer one bit. I do blame the designers of the specification as why the heck do we need super dynamic heartbeat systems? Maybe also blame the super cleaver memory managment system that openssl uses. I thought the bugs in echo and icmp protocols years ago would have taught some lessons but i guess not.
But having said that, its probably a very good idea to change your passwords as soon as your favorite websites indicate they are clean. Especially for anything in the past 3-4 months.
Problem is figuring out which sites are not clean. After all how many people are going to compile openssl themselves and check for the heartbeat feature response and version at every site they visit. I compiled openssl myself since there were no current windows versions I could find but I'm not checking everysite I visit for the bug. Well except for ones getting my credit card info for now.
Join Date: Apr 2010
View Public Profile
Send a private message to figment
Find More Posts by figment