everybodypanic

Heartbleed... What do you think of them apples?

I'm sure by now everyone on the Internet, and even those who listen to NPR, knows about "Heartbleed".

I was lucky: only a single system under my purview required a key roll. The Internet is going crazy over this one. The ever-expanding list of exploitable sites, frankly, isn't as large as I had expected. Notably, no prominent banks were vulnerable and I've only come across one suspected real-world exploit. The unfortunate author of the OpenSSL bug, Robin Seggelmann, continues to claim it was only a missed validation check. I believe him.

We live in a world where every single potential user or remote protocol input needs to be validated against known-good thresholds. When this input validation isn't performed, things like this can happen.
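The kind of validation described above, as an added example (not OpenSSL's code and not part of the original post): a heartbeat handler following the RFC 6520 message layout that checks the peer-supplied payload_length against the bytes actually received before echoing anything back. The function names, buffer sizes and the sample record are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 6520 layout: 1-byte type, 2-byte payload_length, payload, >= 16 bytes padding. */
enum { HB_REQUEST = 1, HB_RESPONSE = 2, HB_HEADER = 3, HB_MIN_PAD = 16 };

/* Build a heartbeat response for the record in rec[0..rec_len).
 * Returns the response length, or 0 if the record must be silently dropped. */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Must hold type, payload_length and the minimum padding at the least. */
    if (rec_len < (size_t)(HB_HEADER + HB_MIN_PAD) || rec[0] != HB_REQUEST)
        return 0;

    /* payload_length is chosen by the peer: 16-bit big-endian, untrusted. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    size_t need = (size_t)HB_HEADER + claimed + (size_t)HB_MIN_PAD;

    /* The validation step: the claimed payload must fit in what arrived. */
    if (need > rec_len || need > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER, rec + HB_HEADER, claimed); /* echo payload only */
    memset(out + HB_HEADER + claimed, 0, HB_MIN_PAD);  /* real TLS pads with random bytes */
    return need;
}

/* Constructed sample: 4 payload bytes ("ping") actually on the wire, with the
 * payload_length field set to whatever claimed_len the caller passes in. */
size_t demo(uint16_t claimed_len)
{
    uint8_t rec[HB_HEADER + 4 + HB_MIN_PAD] = {
        HB_REQUEST, (uint8_t)(claimed_len >> 8), (uint8_t)claimed_len, 'p', 'i', 'n', 'g' };
    uint8_t out[64];
    return hb_build_response(rec, sizeof rec, out, sizeof out);
}

int main(void)
{
    printf("claimed 4: %zu, claimed 16384: %zu\n", demo(4), demo(0x4000));
    return 0;
}
```

A record whose length field matches its contents gets a 23-byte reply; one that claims even a single byte more than was received is dropped without a response.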

2014-08-19 UPDATE: 4.5 million U.S. health care records were "hacked" and Heartbleed (and an unupdated Juniper) is supposedly to blame. One would think responsible persons involved in the security of said HIPAA-protected confidential records would have audited their infrastructure a long time ago.