Thursday, 10 April 2014

'Trivial' mistake that caused Heartbleed crisis highlights fragility of the web

The "Heartbleed" flaw that has turned internet security upside down was added to the open-source OpenSSL cryptographic library on New Year's Eve 2011, experts now believe. It was entered by one man — German software developer Robin Seggelmann — and a subsequent review failed to pick up on the catastrophic coding error Seggelmann had made. "In one of the new features, unfortunately, I missed validating a variable containing a length," he told the Sydney Morning Herald. By now you're likely well familiar with the damage that's resulted from what he described as a "trivial" error.
Some have accused Seggelmann of intentionally adding the major security hole to OpenSSL, charges that he vigorously denies. After all, the reason he was working on...
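The error the article quotes is a missing bounds check on a peer-supplied length field. As an added illustration (not code from the article, from OpenSSL, or from Seggelmann), the C below parses a small heartbeat-style record whose layout is assumed for the example: a one-byte type, a two-byte big-endian payload length, the payload, and sixteen bytes of padding. The one `if` marked in the comments is the check that guards against the declared length exceeding what was actually received; the sample records are constructed here for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed record layout for this example: type(1) | length(2, big-endian) | payload | padding(16) */
#define HB_HEADER_LEN  3
#define HB_PADDING_LEN 16

/*
 * Copy the payload of a heartbeat-style record into `out`.
 * Returns the number of payload bytes copied, or -1 if the record is malformed:
 * too short to be a record at all, a declared length that does not fit inside
 * the bytes actually received, or a payload larger than the caller's buffer.
 */
int hb_extract_payload(const uint8_t *record, size_t record_len,
                       uint8_t *out, size_t out_cap)
{
    if (record == NULL || out == NULL)
        return -1;
    if (record_len < HB_HEADER_LEN + HB_PADDING_LEN)
        return -1;                                   /* not even header + padding */

    size_t declared = ((size_t)record[1] << 8) | record[2];

    /* The validation the article describes as missing: the length field comes
     * from the peer and must be checked against the real record length before
     * it is used to drive a copy. Without this, a small record with a large
     * declared length would make memcpy read past the received data. */
    size_t available = record_len - HB_HEADER_LEN - HB_PADDING_LEN;
    if (declared > available)
        return -1;
    if (declared > out_cap)
        return -1;

    memcpy(out, record + HB_HEADER_LEN, declared);
    return (int)declared;                            /* at most 65535, fits an int */
}

/* Constructed sample: type 1, declared length 5, payload "hello", 16 bytes padding. */
static const uint8_t hb_sample_well_formed[HB_HEADER_LEN + 5 + HB_PADDING_LEN] = {
    0x01, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'        /* remaining bytes are zero padding */
};

/* Constructed sample: same 24-byte record, but the length field claims 65535 bytes. */
static const uint8_t hb_sample_oversized[HB_HEADER_LEN + 5 + HB_PADDING_LEN] = {
    0x01, 0xFF, 0xFF, 'h', 'e', 'l', 'l', 'o'
};

/* Helpers exposing the two outcomes as return values. */
int hb_demo_well_formed(void)
{
    uint8_t out[64];
    return hb_extract_payload(hb_sample_well_formed, sizeof hb_sample_well_formed,
                              out, sizeof out);      /* 5 */
}

int hb_demo_oversized(void)
{
    uint8_t out[64];
    return hb_extract_payload(hb_sample_oversized, sizeof hb_sample_oversized,
                              out, sizeof out);      /* -1: declared length rejected */
}

int main(void)
{
    uint8_t out[64];
    int n = hb_extract_payload(hb_sample_well_formed, sizeof hb_sample_well_formed,
                               out, sizeof out);
    printf("well-formed record: copied %d bytes: %.*s\n", n, n > 0 ? n : 0, out);
    printf("oversized length field: result %d\n", hb_demo_oversized());
    return 0;
}
```

The comparison against `record_len` is made before the length is used anywhere, and the subtraction cannot underflow because the minimum-size check precedes it; both orderings matter when reviewing length-handling code of this kind.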