Akamai Heartbleed Patch Fails to Address All Vulnerabilities
The Heartbleed security flaw, which has been one of the most influential web security issues in recent history, has hindered many websites since its initial revelation. Even though the code was supposedly an accident and not intentional, it has affected a large number of websites that make use of OpenSSL. One network provider that has been hindered by Heartbleed, Akamai, provided a patch to its systems recently that was supposed to address the security flaw entirely. The company has gone back on that claim now as Willem Pinckaers, a security researcher, has uncovered that the patch released by Akamai for its systems only addressed half of Heartbleed. According to Pinckaers, and confirmed by Akamai chief security officer Andy Ellis, the patch that was released for the Akamai network only covered three out of six critical values found in an RSA key.
In order to protect customers following this news, Akamai is rotating SSL certificates that are vulnerable. In the meantime, the company is working on a patch that will address Heartbleed in its entirety, thereby protecting one-third of the Internet's traffic that the network provider processes.