[Linux-aus] Post in ZDnet re: Heartbleed
gdt at gdt.id.au
Thu Apr 17 12:49:18 EST 2014
> You're absolutely right, the process followed by the OpenSSL team and the
> various distributions in fixing this has been very well done and is a model
> for how these things should be fixed.

And here we part company. The advice for people with possibly-affected web
servers should have been to shut that web server down. Then determine if
the web server was vulnerable. Then patch it and reboot.

Not getting the web server offline immediately simply allowed people to
pull 64KB blocks from webservers and archive them to disk for future

Instead we've had major websites stay up whilst determining if the
vulnerability is present. The seriousness of the issue and ease of
exploitation demanded a more rapid and abrupt response from systems

Glen Turner <http://www.gdt.id.au/~gdt/>