Politics, Weather, Photography, and the Dog
Wednesday 9 April 2014

Bruce Schneier, not one for hyperbole, calls the Heartbleed defect an 11 on a 10 scale:

Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.

"Catastrophic" is the right word.

At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.

It turns out, Windows systems don't use OpenSSL very much, favoring TLS 1.2 these days. So if you're visiting a Windows system (basically anything with ".aspx" at the end), you're fine.

Still, if you've used Yahoo! or any other system that has this bug, change your password. Now.

Wednesday 9 April 2014 08:34:32 CDT (UTC-05:00)  |  | Security#
Search
On this page....
The heart bleeds for OpenSSL
Countdowns
The Daily Parker +3422d 00h 16m
Italy 61d 22h 42m
Parker's 9th birthday 79d 12h 57m
My next birthday 160d 17h 02m
Categories
Aviation (358) Baseball (110) Best Bars (10) Biking (44) Chicago (966) Cubs (198) Duke (133) Geography (352) Higher Ground (5) Jokes (284) Kitchen Sink (688) London (65) Parker (198) Daily (204) Photography (148) Politics (304) US (1125) World (273) Raleigh (21) Readings (8) Religion (67) San Francisco (93) Software (210) Blogs (82) Business (242) Cloud (90) Cool links (147) Security (103) Travel (255) Weather (743) Astronomy (93) Windows Azure (62) Work (95) Writing (14)
Links
Archive
<March 2015>
SunMonTueWedThuFriSat
22232425262728
1234567
891011121314
15161718192021
22232425262728
2930311234
Full archive
Blogroll
About
David Braverman and Parker
David Braverman is the Chief Technology Officer of Holden International in Chicago, and the creator of Weather Now. Parker is the most adorable dog on the planet, 80% of the time.
Legal
All content Copyright ©2015 David Braverman.
Creative Commons License
The Daily Parker by David Braverman is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License, excluding photographs, which may not be republished unless otherwise noted.
Admin Login
Sign In
Blog Stats
Total Posts: 4735
This Year: 121
This Month: 38
This Week: 10
Comments: 0