


Heartbleed - The huge OpenSSL fail...


Shaman


As the de facto SSL/TLS cryptographic stack on the web, it might be easy to think that OpenSSL has tons of support.

After all, as we've learned from Heartbleed — it's not just web servers that use OpenSSL. Routers (big, expensive, high-end routers), firewalls, smartphones and other connected devices all use OpenSSL.

If the number of people that relied on a project — and its importance to the overall web — was proportionally related to the amount of support a project has, OpenSSL would be well-funded and have a heft of full-time paid employees and maintainers.

It's not.

OpenSSL, a project that runs on 66% of all web servers, has just one full-time employee. One.

It gets worse. In the five years since the OpenSSL Software Foundation (OSF) was created — as a way to help sustain the OpenSSL project — this important project has never received more than $1 million in gross revenue a year.

Pure donations to the project are almost non-existent. Steve Marquess, the OpenSSL contributor who handles the business aspects of the OSF, addressed the current situation on his blog. According to Marquess, the foundation typically gets just $2,000 a year in donations.

...

Heartbleed didn't happen because OpenSSL is open source, it happened because the project wasn't given the support it needed. Let's hope that changes. And soon. This project is too important to too many.

Heartbleed Exposes a Problem With Open Source, But It's Not What You Think

And the positives of the affair:

Heartbleed: The Internet’s First Security Superstar

The Heartbleed Effect: Password Services Are Having a Moment


Over the past weeks, Weaver and researchers at the University of Michigan have been scouring the internet for systems that are vulnerable to the bug, which lets hackers steal information from a machine’s memory. As expected, he found that most websites have now patched the flaw, which was in a common piece of encryption software called OpenSSL. But the My Cloud is just one example of an enormous problem that continues to lurk across the net: tens of thousands of devices — including not only My Cloud storage devices but routers, printers, storage servers, firewalls, video cameras, and more — remain vulnerable to attack.

In other words, the Internet of Things needs a patch.

It’s Crazy What Can Be Hacked Thanks to Heartbleed | Enterprise | WIRED
