RPGWatch Forums - View Single Post - This week in computer security
View Single Post


April 12th, 2014, 22:48
The bug was actually created by a German engineer who has confessed it was an accident, and not intentional. Here is some of the information with links if anyone is curious. So I don't see the need to cry foul with conspiracy theories.

Link- http://www.latimes.com/business/tech…#axzz2yhtuRpC6
He lives in the German city of Munster and is among the community of programmers who contribute code to the OpenSSL project. OpenSSL is the open-source software that provides encryption for two-thirds of the Web's servers.

Seggelmann told the the Sydney Morning Herald that he did not notice the error when he wrote the flawed code that became the Heartbleed bug two years ago. And when he submitted it, the error was also missed by the person who reviewed the code.

"I was working on improving OpenSSL and submitted numerous bug fixes and added new features," he told the Herald. "In one of the new features, unfortunately, I missed validating a variable containing a length."

Seggelmann gave the interview in part to clarify that Heartbleed was a mistake, not deliberate. He wanted to counter rumors that it was part of some nefarious plot to create a backdoor to allow government security agencies to spy on Internet users.

"In this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area," he told the Herald. "It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project."
Check my Google+ page for more news as I update everyday.

"All my flamers & detractors can kiss my behind."
Couchpotato is offline


Couchpotato's Avatar
Retired News-Editor


Join Date: Oct 2010
Location: Potato Land
Posts: 15,328