Politics, Weather, Photography, and the Dog
Wednesday 9 April 2014

Bruce Schneier, not one for hyperbole, calls the Heartbleed defect an 11 on a 10 scale:

Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.

"Catastrophic" is the right word.

At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.

It turns out, Windows systems don't use OpenSSL very much, favoring TLS 1.2 these days. So if you're visiting a Windows system (basically anything with ".aspx" at the end), you're fine.

Still, if you've used Yahoo! or any other system that has this bug, change your password. Now.

Wednesday 9 April 2014 08:34:32 CDT (UTC-05:00)  |  | Security#
Search
On this page....
The heart bleeds for OpenSSL
Countdowns
The Daily Parker +3477d 15h 30m
Italy 6d 06h 28m
IDTWHQ move 23d 06h 43m
Parker's 9th birthday 23d 21h 43m
My next birthday 105d 01h 48m
Categories
Aviation (366) Baseball (110) Best Bars (10) Biking (46) Chicago (999) Cubs (199) Duke (134) Geography (368) Higher Ground (5) Jokes (284) Kitchen Sink (709) London (70) Parker (203) Daily (204) Photography (156) Politics (307) US (1147) World (286) Raleigh (21) Readings (8) Religion (68) San Francisco (94) Software (217) Blogs (83) Business (250) Cloud (91) Cool links (152) Security (105) Travel (259) Weather (755) Astronomy (94) Windows Azure (64) Work (101) Writing (15)
Links
Archive
<May 2015>
SunMonTueWedThuFriSat
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456
Full archive
Blogroll
About
David Braverman and Parker
David Braverman is the Chief Technology Officer of Holden International in Chicago, and the creator of Weather Now. Parker is the most adorable dog on the planet, 80% of the time.
Legal
All content Copyright ©2015 David Braverman.
Creative Commons License
The Daily Parker by David Braverman is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License, excluding photographs, which may not be republished unless otherwise noted.
Admin Login
Sign In
Blog Stats
Total Posts: 4813
This Year: 199
This Month: 34
This Week: 10
Comments: 0