http://heartbleed.com/ wrote:Most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft's April 2014 Web Server Survey.
66% of the Internet is affected... that is insane.
http://www.openssl.org/news/vulnerabilities.html wrote:CVE-2014-0160: 7th April 2014
A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64kB of memory to a connected client or server
Wow. For the last two years, pretty much all of our "secure" communications could have been easily intercepted by an anonymous attacker. The implications of this bug are nearly unimaginable. All of this because of a missing bounds check.
It's amazing for me to think a technology so fundamental to the Internet backbone has such a poor pre-release code review process.
Thoughts?
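To make the "missing bounds check" concrete, here is an added example (not OpenSSL's code, and not from anyone in this thread) that models the shape of the heartbeat handler: the request carries a 16-bit payload length chosen by the peer, and the pre-1.0.1g code copied that many bytes from the record into the response without ever comparing it to the record's real length. The vulnerable and fixed variants sit side by side; the function names, the `tls_record` struct, the `ARENA_SIZE` memory layout and the "secret" placed after the record are all constructed for the demonstration and do not reflect real OpenSSL memory layout.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TLS1_HB_REQUEST  1
#define TLS1_HB_RESPONSE 2
#define HB_PADDING       16   /* heartbeat padding bytes required by RFC 6520 */

/* The heartbeat body as the handler sees it (hypothetical type). */
typedef struct {
    const unsigned char *data;
    size_t length;            /* the record's actual length, known to the caller */
} tls_record;

/* 16-bit big-endian read, like OpenSSL's n2s macro. */
static unsigned int n2s(const unsigned char *p) { return ((unsigned int)p[0] << 8) | p[1]; }

/* Shared response builder: copies 'payload' bytes from pl. Whether that is
   safe depends entirely on whether the caller validated 'payload'. */
static unsigned char *build_response(const unsigned char *pl, unsigned int payload, size_t *out_len) {
    unsigned char *buffer = malloc(1 + 2 + payload + HB_PADDING);
    if (!buffer) return NULL;
    buffer[0] = TLS1_HB_RESPONSE;
    buffer[1] = (unsigned char)(payload >> 8);
    buffer[2] = (unsigned char)(payload & 0xff);
    memcpy(buffer + 3, pl, payload);              /* reads 'payload' bytes after the header */
    memset(buffer + 3 + payload, 0, HB_PADDING);  /* OpenSSL fills this with random bytes */
    *out_len = 1 + 2 + payload + HB_PADDING;
    return buffer;
}

/* Vulnerable: the peer-supplied length is trusted, so memcpy reads past the
   real record into whatever memory follows it (CVE-2014-0160 pattern). */
unsigned char *heartbeat_vulnerable(const tls_record *rec, size_t *out_len) {
    const unsigned char *p = rec->data;
    unsigned int payload = n2s(p + 1);            /* never compared to rec->length */
    if (p[0] != TLS1_HB_REQUEST) return NULL;
    return build_response(p + 3, payload, out_len);
}

/* Fixed: the two checks added in 1.0.1g. A record too short to hold a header
   plus padding, or whose claimed payload does not fit, is silently dropped. */
unsigned char *heartbeat_fixed(const tls_record *rec, size_t *out_len) {
    if (1 + 2 + HB_PADDING > rec->length) return NULL;
    const unsigned char *p = rec->data;
    unsigned int payload = n2s(p + 1);
    if (1 + 2 + payload + HB_PADDING > rec->length) return NULL;
    if (p[0] != TLS1_HB_REQUEST) return NULL;
    return build_response(p + 3, payload, out_len);
}

/* Constructed demo memory: the record, then a fake secret standing in for
   whatever sat after the record buffer in a real server process. */
#define ARENA_SIZE 128
static const char SECRET[] = "session_cookie=hunter2";

static size_t build_arena(unsigned char *arena, unsigned int claimed_len,
                          const char *real_payload, size_t real_len) {
    memset(arena, 0, ARENA_SIZE);
    arena[0] = TLS1_HB_REQUEST;
    arena[1] = (unsigned char)(claimed_len >> 8);
    arena[2] = (unsigned char)(claimed_len & 0xff);
    memcpy(arena + 3, real_payload, real_len);
    size_t record_len = 1 + 2 + real_len + HB_PADDING;   /* padding is already zero */
    memcpy(arena + record_len, SECRET, sizeof(SECRET));  /* "adjacent" process memory */
    return record_len;
}

static int contains(const unsigned char *hay, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Runs a handler on a record whose header claims 'claimed' bytes while only
   4 real payload bytes are present; returns 1 if the secret is echoed back. */
static int leaks_secret(unsigned char *(*handler)(const tls_record *, size_t *), unsigned int claimed) {
    unsigned char arena[ARENA_SIZE];
    size_t rec_len = build_arena(arena, claimed, "ping", 4);
    tls_record rec = { arena, rec_len };
    size_t out_len = 0;
    unsigned char *resp = handler(&rec, &out_len);
    if (!resp) return 0;
    int leaked = contains(resp, out_len, SECRET);
    free(resp);
    return leaked;
}

int vulnerable_leaks_secret(void)    { return leaks_secret(heartbeat_vulnerable, 64); }
int fixed_rejects_oversized(void)    { return !leaks_secret(heartbeat_fixed, 64); }

/* The fix must still echo an honest request: claimed length == real length. */
int fixed_echoes_honest_request(void) {
    unsigned char arena[ARENA_SIZE];
    size_t rec_len = build_arena(arena, 4, "ping", 4);
    tls_record rec = { arena, rec_len };
    size_t out_len = 0;
    unsigned char *resp = heartbeat_fixed(&rec, &out_len);
    if (!resp) return 0;
    int ok = out_len == 1 + 2 + 4 + HB_PADDING && resp[0] == TLS1_HB_RESPONSE &&
             n2s(resp + 1) == 4 && memcmp(resp + 3, "ping", 4) == 0 && !contains(resp, out_len, SECRET);
    free(resp);
    return ok;
}

int main(void) {
    printf("vulnerable handler leaks secret:      %d\n", vulnerable_leaks_secret());
    printf("fixed handler drops oversized claim:  %d\n", fixed_rejects_oversized());
    printf("fixed handler echoes honest request:  %d\n", fixed_echoes_honest_request());
    return 0;
}
```

The claimed length here is 64 bytes so the over-read stays inside the demo arena; a real attacker could claim up to 0xFFFF, which is where the "up to 64kB per request" figure comes from, and repeat the request as often as they like. Note that the fix checks the claimed length against the record length before touching the payload, and that a bad request is dropped rather than answered, so the peer learns nothing either way.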
We spent most of the day discussing this at work yesterday. Pretty nasty, although the solution (or the only thing left to do) is workable: patch openssl, regenerate certificates and probably reset passwords for everything.
Thankfully, this doesn't affect elysianshadows.com, because it doesn't use ssl/tls (okay, that was mean, sorry =).