Politics, Weather, Photography, and the Dog
Wednesday 9 April 2014

Bruce Schneier, not one for hyperbole, calls the Heartbleed defect an 11 on a 10 scale:

Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.

"Catastrophic" is the right word.

At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof.

It turns out, Windows systems don't use OpenSSL very much, favoring TLS 1.2 these days. So if you're visiting a Windows system (basically anything with ".aspx" at the end), you're fine.

Still, if you've used Yahoo! or any other system that has this bug, change your password. Now.

Wednesday 9 April 2014 08:34:32 CDT (UTC-05:00)  |  | Security#
Search
On this page....
The heart bleeds for OpenSSL
Countdowns
The Daily Parker +3451d 08h 31m
Italy 32d 13h 28m
IDTWHQ move 49d 13h 43m
Parker's 9th birthday 50d 04h 43m
My next birthday 131d 08h 48m
Categories
Aviation (362) Baseball (110) Best Bars (10) Biking (46) Chicago (980) Cubs (199) Duke (134) Geography (360) Higher Ground (5) Jokes (284) Kitchen Sink (698) London (66) Parker (201) Daily (204) Photography (150) Politics (306) US (1135) World (277) Raleigh (21) Readings (8) Religion (68) San Francisco (94) Software (217) Blogs (83) Business (248) Cloud (90) Cool links (150) Security (105) Travel (255) Weather (748) Astronomy (93) Windows Azure (63) Work (100) Writing (15)
Links
Archive
<April 2015>
SunMonTueWedThuFriSat
2930311234
567891011
12131415161718
19202122232425
262728293012
3456789
Full archive
Blogroll
About
David Braverman and Parker
David Braverman is the Chief Technology Officer of Holden International in Chicago, and the creator of Weather Now. Parker is the most adorable dog on the planet, 80% of the time.
Legal
All content Copyright ©2015 David Braverman.
Creative Commons License
The Daily Parker by David Braverman is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License, excluding photographs, which may not be republished unless otherwise noted.
Admin Login
Sign In
Blog Stats
Total Posts: 4770
This Year: 156
This Month: 32
This Week: 1
Comments: 0