Sour Grapes
Of course we're Fair and Balanced!

2014-04-09

My heart bleeds for the World-Wide Web

This sounds like a HUGE disaster. My brother Glenn, who does security for a living, alerted me to this posting from yesterday on Ars Technica:

Lest readers think "catastrophic" is too exaggerated a description for the critical defect affecting an estimated two-thirds of the Internet's Web servers, consider this: at the moment this article was being prepared, the so-called Heartbleed bug was exposing end-user passwords, the contents of confidential e-mails, and other sensitive data belonging to Yahoo Mail and almost certainly countless other services.

The current top two promoted comments combine to say:

On a scale of 1 to 10, I would say 11....

Even 11 is an understatement....

It is not enough to do new certificates. All of the old certificates could now be used for man-in-the-middle attacks! 2/3rds of the Internet's certificates potentially need to be blacklisted! This is a MAJOR disaster....

EVERY existing CA used on the internet may have to be blacklisted, and every single SSL certificate re-issued.

IMO SSL/TLS is now completely broken....

There's a website devoted to this problem as well. Click on the Heartbleed image to see it.


