Jump to content



Heartbleed - Το τεράστιο fail του OpenSSL...


Shaman

Recommended Posts

As the defacto SSL/TLS cryptographic stack on the web, it might be easy to think that OpenSSL has tons of support.

After all, as we've learned from Heartbleed — it's not just web servers that use OpenSSL. Routers (big, expensive, high-end routers), firewalls, smartphones and other connected devices all use OpenSSL.

If the number of people that relied on a project — and its importance to the overall web — was proportionally related to the amount of support a project has, OpenSSL would be well-funded and have a heft of full-time paid employees and maintainers.

It's not.

OpenSSL, a project that runs on 66% of all web servers, has just one full-time employee. One.

It gets worse. In the five years since the OpenSSL Software Foundation (OSF) was created — as a way to help sustain the OpenSSL project — this important project has never received more than $1 million in gross revenue a year.

Pure donations to the project are almost non-existent. Steve Marquess, the OpenSSL contributor who handles the business aspects of the OSF, addressed the current situation on his blog. According to Marquess, the foundation typically gets just $2,000 a year in donations.

...

Heartbleed didn't happen because OpenSSL is open source, it happened because the project wasn't given the support it needed. Let's hope that changes. And soon. This project is too important to too many.

Heartbleed Exposes a Problem With Open Source, But It's Not What You Think

Και τα θετικά της υπόθεσης:

Heartbleed: The Internet’s First Security Superstar

The Heartbleed Effect: Password Services Are Having a Moment

Link to comment
Share on other sites

Over the past weeks, Weaver and researchers at the University of Michigan have been scouring the internet for systems that are vulnerable to the bug, which lets hackers steal information from a machine’s memory. As expected, he found that most websites have now patched the flaw, which was in a common piece of encryption software called OpenSSL. But the My Cloud is just one example of an enormous problem that continues to lurk across the net: tens of thousands of devices — including not only My Cloud storage devices but routers, printers storage servers, firewalls, video cameras, and more — remain vulnerable to attack.

In other words, the Internet of Things needs a patch.

It’s Crazy What Can Be Hacked Thanks to Heartbleed | Enterprise | WIRED

Link to comment
Share on other sites

  • 1 month later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Δημιουργία...

Important Information

Ο ιστότοπος theLab.gr χρησιμοποιεί cookies για να διασφαλίσει την καλύτερη εμπειρία σας κατά την περιήγηση. Μπορείτε να προσαρμόσετε τις ρυθμίσεις των cookies σας , διαφορετικά θα υποθέσουμε ότι είστε εντάξει για να συνεχίσετε.