Who knew about Heartbleed

As the tech world scrambles to patch the security flaw, dubbed Heartbleed, internet users are left scratching their heads wondering , "What should I do?'.

The Heartbleed code flaw, that was discovered using newly developed encryption testing tools, is a major code bug with far reaching implications. According to recent 'Honey Pot' reports the SSL code flaw was already being exploited by hackers.

A 'Honey pot' is  a term used to describe a server that is set up for the sole purpose of attracting hackers in order to gauge what exploits are being used and to test vulnerabilities.

It is not clear or widely reported how long the hacking community was aware of the issue. The bug itself seems to have been in place for about two years. The lag time between on how long it took for IT security experts to catch up with the hackers is a key point in determining how far we have advanced in fighting cyber-crime.

While kudos should be given to the researchers who discovered the security flaw, it would be a mistake to highlight this as a victory if we discover the hackers uncovered it long before our experts.

Another interesting aspect of this major code bug is the release of information after it was discovered. The last thing you want to do is to publicize a security flaw to the enemy before critical infrastructures are notified. The open source team responsible for this software, and the fix for it, should have been the first notified, and hopefully they were. The OpenSSL team was quick with producing a patch and disseminating it throughout the IT community.

It appears that a line of communication was set up and the exploit discovery was properly channeled before being made public.

For internet users it would be best to change your passwords once the affected servers are patched.


by Jim Atkins 'thedosmann'

Memphis Web Programming


Share it now!