ALL
How to prevent next HeartBleed bug?
How to ensure the security of open source projects is a concern for many open source users including individual users and companies. But it's not an easy task to ensure the security of open source projects.Because everyone can see the source code, there is much higher possibility that a bug may be found by someone. Once a bug is disclosed, people may exploit it and do evil things, this may cause loss of money either for individuals or companies, some of the bugs may even have big impact to the whole industry. For example, the recent HeartBleed bug in OpenSSL.Also since many of the open source ...
4,968 0 SECURITY OPEN SOURCE HEARTBLEED
HeartBleed: OpenBSD now starts to clean up OpenSSL
Since the disclosure of HeartBleed bug in OpenSSL, some arguments emerge around the safety of OpenSSL, the largest open source SSL/TLS library used by large number of servers, applications. Some people are even starting to create their own version of SSL library. This includes OpenBSD, a famous Unix like open source operating system.Just a few days after the HeartBleed bug, OpenBSD forked a new branch of OpenSSL and started to clean up the forked branch and plans to merge it to its own code base. So far these changes done on the forked OpenSSL library include:Splitting up libcrypto and li...
4,660 0 HEARTBLEED OPENBSD
HeartBleed: Should C be blamed for the HeartBleed bug?
There is a discussion about the security of applications written in C on Hacker News recently after the report of HeartBleed bug in OpenSSL. In this discussion, some people are saying that the applications written in C are unsafe. It seems all or most of the faults should be laid on C. I think this is biased. The language itself should not be blamed.Safety is a relative term for programming languages. No language is absolutely safe. We claim some languages like Java and C# are safer than C/C++ because they have memory protection mechanism built in, we cannot access arbitrary memory locations i...
14,370 5 C ANALYSIS CODE REVIEW HEARTBLEED
HeartBleed: Inside the heart, what happens to a normal WEB user?
To be brief, our email, IM, facebook etc. are at the risk, so try to minimize the access in these few days. Especially we should try to avoid log into our internet-banking, because we may expose our user id and password. Also later when the service providers fix the bug, we would better to change a new password for all the web accounts that are important to us.Here comes the technical explanation.You might notice before that a lot of websites use URL starting with "https". For example, https://www.google.com.sg. HTTPS literally means secure HTTP, as the "s" stands for secure. Both HTTP and HTT...
4,693 0 ANALYSIS HEARTBLEED
HeartBleed: Inside the heart, what causes the bleeding?
Just after a few weeks since Apple's famous goto fail bug, there is one bug in OpenSSL which catches the attention from the world again. The bug is named HeartBleed, found in OpenSSL library, a famous open source library supporting lots of SSL/TLS communication among server/client applications.The reason why this bug catches the attentions from the world is it affects almost all sites which are using the affected OpenSSL library, these includes many applications like Nginx server, some versions of Linux and many famous websites including Yahoo, Amazon. Private keys on the web server may ...
8,093 0 OPENSSL HEARTBLEED