This morning, content distribution network Cloudflare gave some hope to those affected by the Heartbleed security flaw with an announcement that the bug might not be as bad as feared. In two weeks of testing, Cloudflare said, its researchers failed to exploit the bug to steal a website’s private SSL keys, which secures the data sent to users. It issued a challenge to white-hat hackers to successfully retrieve the private security keys — and unfortunately for the web, one of them succeeded.
The widely-used open source library OpenSSL revealed on Monday it had a major bug, now known as “heartbleed”. By sending a specially crafted packet to a vulnerable server running an unpatched version of OpenSSL, an attacker can get up to 64kB of the server’s working memory. This is the result of a classic implementation bug known as a Buffer over-read There has been speculation that this vulnerability could expose server certificate private keys, making those sites vulnerable to impersonation. This would be the disaster scenario, requiring virtually every service to reissue and revoke its SSL certificates. Note that simply reissuing certificates is not enough, you must revoke them as well.
NOTE: TECHi Two-Takes are the stories we have chosen from the web along with a little bit of our opinion in a paragraph. Please check the original story in the Source Button below.
TECHi weighs both sides before reaching a conclusion.
TECHi’s editorial take above outlines the reasoning that supports this position.
Microsoft's Copilot AI in Windows 11 falls short of user expectations, especially when compared to the company’s high-profile advertisements. Real-world…
Apple's idea to use OLED screens for gadgets shows how keen they are to boost how things look and feel.…
The Pixel Watch 4 is a new milestone in the world of smartwatches offered by Google. It brings several firsts,…
This most recent leak of Apple has got everybody talking in the tech world. The emerging code suggests substantial updates…
