by Mike Masnick
Mon, Apr 14th 2014 8:13pm
The web is a dangerous place these days. Akamai, which many large companies rely on for hosting as a CDN, has admitted that its Heartbleed patch was faulty, meaning that it was possible that the SSL keys "could have been exposed to an adversary exploiting the Heartbleed vulnerability." Akamai had already noted that it was more protected against Heartbleed than others, because of custom code it had used for its own OpenSSL deployment. However, as researchers looked through that custom code, they found some significant defects in it. Some people have been arguing that the Heartbleed bug highlights a weakness in open source software -- but that's not necessarily true. Pretty much all software has vulnerabilities. And, sometimes, by open sourcing stuff you can find those vulnerabilities faster.
If you liked this post, you may also be interested in...
- UK Police Circumventing Cellphone Encryption By 'Mugging' Suspects While Their Phones Are Unlocked
- Encryption Survey Indicates Law Enforcement Feels It's Behind The Tech Curve; Is Willing To Create Backdoors To Catch Up
- Manhattan DA Cy Vance Wraps Up 2016 With Another Call For Gov't-Mandated Encryption Backdoors
- Akamai: 12-Year-Old SSH Vulnerability Fueling Internet-Of-Broken-Things DDoS Attacks, And Worse
- The Internet Of Poorly Secured Things Is Fueling Unprecedented, Massive New DDoS Attacks