Source: National Cyber Security – Produced By Gregory Evans
Robin Seggelmann, a programmer based in Germany, submitted the code in an update submitted at 11:59pm on New Year’s Eve, 2011. It was supposed to enable a function called “Heartbeat” in OpenSSL, the software package used by nearly half of all web servers to enable secure connections. He says the “Heartbleed” vulnerability to the open-source code used by thousands of websites says it was an “oversight” – but that its discovery validates the methods used. His update did enable Heartbeat, but an “oversight” led to an error with major ramifications. But it accidentally created the “Heartbleed” vulnerability, which has been described as a “catastrophic” flaw which laid the contents of thousands of web servers open to hackers. Seggelmann worked on the OpenSSL project during his PhD studies, from 2008 to 2012, but isn’t involved with the project any more. It has also been discovered in Cisco and Juniper routing gear, which could mean that hackers could capture sensitive data such as passwords passing over the internet. He said that the mistake has nothing to do with its festive datestamp. “The code… was the work of several weeks. It’s only a coincidence that it was submitted during the holiday season. “I […]
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
The post ‘Oversight’ causes an error HeartBleed; says it’s Developer appeared first on National Cyber Security.
View full post on National Cyber Security