Developers Rush to Handle Heartbleed

Wednesday Apr 9th 2014 by Developer.com Staff
Share:

Most of the major Linux distributions have issued patches for the security vulnerability.

On Tuesday, news broke of a major security flaw in OpenSSL, the technology that much of the Internet uses to encrypt data transfers. OpenSSL released a patch for the vulnerability, dubbed "Heartbleed" right away, and open source developers scrambled to create patches for Linux distributions and other applications that rely on OpenSSL. ZDNet reports that most major Linux distributions have released updates that fix the security vulnerability. Now it's up to website owners to apply the fixes to their own servers.

Security researcher Matthew Green notes that the problem was "the result of a relatively mundane coding error," namely, a missing bounds check. "This is just more evidence that even talented and dedicated programmers and developers can make mistakes," said Charles King, principal analyst at Pund-IT. "The scariest thing about it is that site owners may have been attacked or robbed and wouldn't know a thing."

View article

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved