Welcome Stranger to OCC!Login | Register

Code that Caused Heartbleed Called an Accident

Category: Bugs / Virus
Posted: 10:22AM

The programmer responsible for checking in the code that led to the Heartbleed bug in OpenSSL has described it as an accident, not a malicious activity. The bug was found in an area of the code that pertained to security and was caused by "missing validation on a variable containing a length." The code went through a peer review process and neither the original programmer or peer reviewer were able to catch the bug. There is a published list of some sites that have been impacted by the bug, but it would probably be a good idea to change all of your passwords anyway.

Source: ZDNet

Register as a member to subscribe comments.

© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.1841411591   (xlweb1)