AdamHull Posted April 13, 2014 Posted April 13, 2014 As everyone is aware heartbleed has killed off SSL until a secure patch has been found. Wgat is everyone's opinion? Will this ever be fixed? Or is the whole internet going up have to find a new encryption for secure data? Quote
Guest Posted April 13, 2014 Posted April 13, 2014 It has been patched. It was patched when it first came to the public domain. Quote
sniko Posted April 13, 2014 Posted April 13, 2014 (edited) It has been patched. It was patched when it first came to the public domain. You can patch it all you like, but until *everyone* who has OpenSSL on their server updates, then it's still a problem. Also, what about the bad guys who have managed to steal private SSL keys via the exploit? Reissuing SSL certs surely isn't on someones favorite thing to do, especially as it's costly. Or is the whole internet going up have to find a new encryption for secure data? Nothing was wrong with the encryption, it was just bad logic. The logic allowed an offset to be allocated in the data, thus allowing memory access to be exploited. As everyone is aware heartbleed has killed off SSL Only for servers running outdated (pre-patch) OpenSSL versions Edited April 13, 2014 by sniko Quote
Script47 Posted April 14, 2014 Posted April 14, 2014 That picture board helps a lot in understanding it. :) Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.