• Feeling isolated? You're not alone.

    Join 20,000+ people who understand exactly how your day went. Whether you're newly diagnosed, self-identified, or supporting someone you love – this is a space where you don't have to explain yourself.

    Join the Conversation → It's free, anonymous, and supportive.

    As a member, you'll get:

    • A community that actually gets it – no judgment, no explanations needed
    • Private forums for sensitive topics (hidden from search engines)
    • Real-time chat with others who share your experiences
    • Your own blog to document your journey

    You've found your people. Create your free account

"After ‘Catastrophic’ Security Bug, the Internet Needs a Password Reset"

Yes we had to patch our servers. Luckily we weren't on SSL before so we weren't vulnerable.
 
Kari, the article said that this security breach has the potential to affect quite a bit of the Internet at large. Is it something to panic about? No. Should we take appropriate measures to counteract security risks? Yeah, probably.
 
Wow, this is one heck of a disaster. Thanks for notifying us, I don't check the news to often and probably would have missed this.
 
It's always good security to change all passwords periodically whether there is a need to or not.
 
xkcd: Heartbleed Explanation

heartbleed_explanation.png
 
really? That simple an oversight? :) I've seen it posted on google news that the security agencies have been aware of this bug for years and used it to trawl data. I reckon if this is the case, then someone other than their allies have got wind of this and so it's time to fix the bug. Ah well, paranoia rules! :D
 
Tarragon said:
really? That simple an oversight? :) I've seen it posted on google news that the security agencies have been aware of this bug for years and used it to trawl data. I reckon if this is the case, then someone other than their allies have got wind of this and so it's time to fix the bug. Ah well, paranoia rules! :D
Click to expand...

A. It probably wasn't "that simple of an oversight." Nearly everything in technology that seems simple to the layman is anything but (ie - the inner workings are by no means simple, even if the end result appears to be so).

B. OpenSSL is a very large open source project. That means there are potentially thousands of pairs of eyes that look at it at any given time, and anyone who wants to can download the source code and tinker with it. This is actually what makes it so secure (because bugs are found, fixed, and submitted through a code review process by anyone who wishes to help out). It also means that the odds of any one person or group finding something of this magnitude and being able to sit on it for years, if not decades, is pretty much nil, because if one person finds it, someone else will, too.

(Side note -- I can't tell if you, Tarragon, actually believe what you've written, so this goes off the assumption that you do. If you don't, then this is then simply for those who may have seen the statement you were referring to and actually believe it, or otherwise don't understand how stuff like this works.)
 
The cartoon illustrated a simple programming error. Perhaps the real big was more complicated, but if it wasn't it was an error you'd expect a schoolboy programmer to make rather than someone designing a secure protocol!
 
You must log in or register to reply here.

New Threads

Top Bottom