Channel: a.nolen » a.nolen

Heartbleed


What being ahead of the curve looks like.

I never get tired of plugging smart people. Heard of “Heartbleed”, the OpenSSL ‘flaw’ that left two-thirds of the internet vulnerable to hackers?

“The agency [NSA] found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks,” Riley wrote.

“Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost,” he added. “Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.”

Funny, but this sort of situation with OpenSSL is exactly what Poul-Henning Kamp warned us about in his FOSDEM 2014 talk. In fact, I remember him calling OpenSSL the NSA’s “crown jewel”. Catch the full audio here; a transcript of the pertinent part here. Kamp uses OpenSSL as the example of NSA-compromised open source code. I am comforted that at least FOSDEM 2014 attendees and a.nolen readers got a ‘heads-up’ a month before the rest of the world. Pays to check this blog every so often. ;)

Here’s a quick explanation of how the Heartbleed vulnerability works. Read Poul-Henning Kamp’s blog here (in English). Read about his famous Bike Shed here; ‘arguing over the color of a Bike Shed’ is a metaphor for useless, red-herring open source programming squabbles that derail projects. Otherwise known as ‘PAINTINT’ … just kidding.


