April 10, 2014
For a few days, the Heartbleed bug has somewhat revolutionized the internet. And it is not for less, as it is a very important security flaw and with too great a scope to ignore it.
Robin Seggelman, a German developer collaborating on the OpenSSL project, explains that “Two years ago, I was trying to improve OpenSSL by submitting bug fixes and adding new features. In one of those characteristics, sadly, I forgot to validate a variable ».
The problem was further exacerbated when another volunteer reviewing the code also did not see the problem. With this, the bug made the inevitable leap to the version of OpenSSL that was made public, unleashing the chaos that everyone already knows.
Currently, the bug has already been corrected in the latest version of OpenSSL and implemented in some of the most important services throughout the network, such as Google and Yahoo.
via Programmer behind the Heartbleed bug clarifies that it was “unintentional” – FayerWayer.
[+] Videos de nuestro canal de YouTube