Heartbleed Bug

    #8435
    Anonymous
    Inactive

    So the news (in UK at least) is afoot with fearmongering based on the ‘heartbleed’ bug. Two of the strongest hardware companies have now ‘admitted’ that their switches and routers are affected by this ‘bug’.

    Heartbleed – my heart bleeds for you? Dagger through the heart? Your life is online so if we rip it away your heartbleeds?

    I’m not sure what’s going on here, a precursor to a major ‘hack’ somewhere? But one thing I am sure of, CISCO and JUNIPER are not so amateur that something so trivial could affect them, so why wheel out the big guns of the industry now to say they are affected?

    I feel something is afoot to try and make people feel doubly insecure about the internet. After all, ‘the internet is a place you can learn stuffs yeah’ [sic].

    US Government is warning about hackers using heartbleed. But then, why did you go tell all the hackers in the world this weakness exists? It’s not right. A psyop? Maybe, but it’s not right for sure.

    http://www.bbc.co.uk/news/technology-26985818

    #8436
    Anonymous
    Inactive

    Quote from the BBC page – funny how they are saying ‘it could be seen to be NSA but it isn’t’…..

    A German computer programmer has accepted responsibility for the emergence of the Heartbleed bug, according to a report in the Sydney Morning Herald.

    Robin Seggelmann, a 31 year old from Oelde – 120 miles (193km) north of Frankfurt – is reported to have made the mistake while trying to improve the OpenSSL cryptographic library on 31 December 2011.

    “It’s tempting to assume that, after the disclosure of the spying activities of the NSA and other agencies, but in this case it was a simple programming error in a new feature, which unfortunately occurred in a security-relevant area,” he told Fairfax Media.

    “It was not intended at all, especially since I have previously fixed OpenSSL bugs myself, and was trying to contribute to the project.”

    #8437
    Anonymous
    Inactive

    More clues/leads to follow in the Sydney Herald’s piece on Seggelmann

    http://www.smh.com.au/it-pro/security-it/who-is-robin-seggelmann-and-did-his-heartbleed-break-the-internet-20140411-zqtjj.html

    Dr Seggelmann, 31, from the small town of Oelde in north-west Germany, is a contributor to the Internet Engineering Task Force (IETF), a not-for-profit global group whose mission is to make the internet work better. He is attached to the Munster University of Applied Sciences in Germany, where, as research associate in the networking programming lab in the department of electrical engineering and computer science, he has published a number of papers, including his thesis on strategies to secure internet communications in 2012. He has been writing academic papers and giving talks on security matters since 2009, while still a PhD student.

    #8440
    Anonymous
    Inactive

    So, Seggelmann is an academic, not an industry worker, so how did HE manage to code the feck up? An academic does not code industry strength materials. They research for sure, but actually make the code that gets implemented? Rare, very rare I believe.

    That said, it is OPEN SSL, so I guess there’s an in there. But open source affecting the world… It still doesn’t add up fully.

    #8450
    Tom Dalpra
    Participant

    Flippin Heartbleed. Enough said with that suggestive name.

    So this academic Seggelmann made a boo boo. Whoops! He was just working, as part of the Engineering Task Force (IETF, a not-for-profit global group whose mission is to make the internet work better) trying to make the internet better.
    And he made it worse. The whole internet.

    Oh dear. He must feel terrible. A bit like that bloke at Chernobyl who pressed the wrong button, apparently poisoning the entire world: “You plank Vlad, why did you press that?” was all his colleagues could say.

    Your heart bleeds for them.

    Truth is with Dr Seggelmann, this allegedly HUGE error will probably be the making of him.
    In crime families, taking one for the team goes a long way.

    DalTampra
