1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News OpenSSL hit by another major vulnerability

Discussion in 'Article Discussion' started by Gareth Halfacree, 6 Jun 2014.

  1. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,383
    Likes Received:
    7,224
  2. SinxarKnights

    SinxarKnights Minimodder

    Joined:
    21 Jan 2007
    Posts:
    258
    Likes Received:
    3
    I personally find this to be a good thing but others may not agree. The more bugs like this that are found the better. It is unfortunate that it took such a major issue (Heartbleed) to draw attention to code corporations has been using for years without actually looking at how it works and if it is reasonably secure.

    This whole debacle with OpenSSL had me wondering, why did so many large important sites/networks/corporations use something like this without inspecting the code for vulnerabilities? Did everybody just jump on the bandwagon with the assumption "Company X uses it, so it is safe"? Or are code security and encryption experts like Masashi Kikuchi so few and far between that the likelihood of one of them laying their eyes on the code is almost nill?

    I can see nothing but good coming from this. Sure some people might lose faith in OpenSSL (or open source as a whole) but it will be stronger as a result.
     
  3. Baguette

    Baguette What's a Dremel?

    Joined:
    6 Aug 2010
    Posts:
    93
    Likes Received:
    0
    The important thing to realise is that these issues are not easily spotted. They are not caused by a lazy this'll-do attitude. The openSSL project gets contributions from some really clever people, but one of the quirks of programming is that you sometimes can't predict exactly how code will work.
    Big companies won't inspect the code because it is code that is already tested to be secure, and on such a large scale that spotting a new vulnerability is a very low chance, compared to the cost of testing. Some people do put money into this however, and some companies live solely to test security code!
     
  4. debs3759

    debs3759 Was that a warranty I just broke?

    Joined:
    10 Oct 2011
    Posts:
    1,769
    Likes Received:
    92
    Things like this make me glad I'm usually skint - there's nothing for anyone to abuse/steal :)
     
  5. forum_user

    forum_user forum_title

    Joined:
    4 Jan 2012
    Posts:
    511
    Likes Received:
    3
    We need secure protection. It is too easy for me (and the world) to download Kali Linux and use the network tools to watch my neighbours' browsing habits.
     

Share This Page