OpenSSL Heartbeat/Heartbleed

There’s no way that for over a year no one have exploited it.

I don’t want to judge the developer (although he has doctor title), but this is basic rule when dealing with user submitted data – never trust them. So especially in such sensitive software…

Simply explained by xkcd

OpenSSL Heartbeat (Heartbleed) Vulnerability (CVE-2014-0160) and its High-Level Mechanics from Elastica Inc on Vimeo.

Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *