[dba-Tech] Heartbleed Ain't Just for Servers

Jim Lawrence accessd at shaw.ca
Wed Apr 16 13:24:29 CDT 2014


Hi Arthur:

<rant mode on>
This whole HeartBleed bug issue is upsetting to say the least. Note: that it is not a virus or piece of malware like the article seems to claim but coding error that was not officially discovered before or even a year after the OpenSSL version was release.

There is basically three individuals who wrote and maintain the whole OpenSSL project. It is all open source so the errors, if any, are clearly visible and can be fixed easily. Just about every large company in the world uses OpenSSL not only because it is free and OSS but because it is simply the best solution built.

You would think that at least one of these companies would invest some effort and/or financial backing in the product as it is clear that their business depends on it. There is really no excuse as in proprietary solutions the users can always rightfully claim, the errors were hidden. 

Some of the companies and governments agencies that now have been apparently affected by the HeartBleed bug were being affected, some weeks after the public announcements and patches were released and I think they should have their tech departments dragged over the carpet for gross negligence.

IMHO, any company that now releases products into the public while still possessing the unpatched OpenSSL should fined. 
<rant mode off>
   
Jim

----- Original Message -----
From: "Arthur Fuller" <fuller.artful at gmail.com>
To: "Discussion of Hardware and Software issues" <dba-tech at databaseadvisors.com>
Sent: Wednesday, April 16, 2014 3:35:08 AM
Subject: [dba-Tech] Heartbleed Ain't Just for Servers

A story on Ars Technica suggests that the virus can also attack smart
phones and tablets running Android.

http://arstechnica.com/security/2014/04/vicious-heartbleed-bug-bites-millions-of-android-phones-other-devices/

-- 
Arthur
_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com


More information about the dba-Tech mailing list