Wednesday, April 9, 2014

Heartbleed: "On the scale of 1 to 10, this is an 11." | Schneier on Security

h/t Borepatch

Heartbleed is a catastrophic bug in OpenSSL:

Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory -- SSL private keys, user keys, anything -- is vulnerable. And you have to assume that it is all compromised. All of it.

"Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.
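The bug pattern behind that memory grab and the bounds check that fixes it, as an added illustration (not OpenSSL's code or Schneier's): a handler copies as many bytes as the peer's length field claims instead of as many as actually arrived. The record layout is simplified, and `MEMORY`, the secret bytes and the function names are constructed for the demo.

```c
#include <stdint.h>
#include <string.h>

#define HB_HDR 3u   /* type (1 byte) + payload_length (2 bytes, big-endian) */
#define HB_PAD 16u  /* minimum padding that must follow the payload */

/* Buggy handler: trusts payload_length, never consults how many bytes were received. */
static size_t hb_reply_unchecked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    (void)rec_len;                                  /* received length is ignored */
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (HB_HDR + payload > out_cap) return 0;       /* protects only the reply buffer */
    out[0] = 2; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload);    /* copies whatever sits after the record */
    return HB_HDR + payload;
}

/* Fixed handler: claimed payload plus padding must fit in the received record, else discard. */
static size_t hb_reply_checked(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap) {
    if (rec_len < HB_HDR) return 0;
    uint16_t payload = (uint16_t)((rec[1] << 8) | rec[2]);
    if (HB_HDR + payload + HB_PAD > rec_len) return 0;   /* the missing check */
    if (HB_HDR + payload > out_cap) return 0;
    out[0] = 2; out[1] = rec[1]; out[2] = rec[2];
    memcpy(out + HB_HDR, rec + HB_HDR, payload);
    return HB_HDR + payload;
}

/* Constructed "process memory": a 20-byte record (1-byte payload + 16 padding) claiming 40 bytes, then a secret. */
static const uint8_t MEMORY[64] = {
    1, 0x00, 0x28, 'A',                              /* type=1, payload_length=40, payload "A" */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* padding */
    'S', 'E', 'C', 'R', 'E', 'T', '-', 'K', 'E', 'Y'  /* bytes that must never be sent back */
};
#define REC_LEN 20u
#define HONEST_LEN 1u   /* what payload_length should have said */

/* 1 if the buggy reply carries the secret (it lands at reply offset 20). */
int unchecked_reply_leaks_secret(void) {
    uint8_t out[128];
    size_t n = hb_reply_unchecked(MEMORY, REC_LEN, out, sizeof out);
    return n == HB_HDR + 40 && memcmp(out + 20, "SECRET-KEY", 10) == 0;
}

/* Reply length from the fixed handler: 0 for the lying record, 4 for an honest one. */
size_t checked_reply_len(int honest) {
    uint8_t rec[64], out[128];
    memcpy(rec, MEMORY, REC_LEN);
    if (honest) { rec[1] = 0; rec[2] = (uint8_t)HONEST_LEN; }
    return hb_reply_checked(rec, REC_LEN, out, sizeof out);
}
```

Because the reply echoes whatever the copy picked up, the leak is invisible in the handler's own logs; the only reliable defence is the length check in the fixed handler, which is why patching and re-keying were the response.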

