[Linux-aus] Post in ZDnet re: Heartbleed

Glen Turner gdt at gdt.id.au
Thu Apr 17 15:34:05 EST 2014


Hi Brent,

> Up until that point, an exploit had not been posted nor had any proof been made that showed it could be done.

An attacker didn't need to exploit it. They simply needed to record the contents of the 64KB chunk to take advantage of a future exploit.

Also, note that the exploit was to get a private key. There’s plenty of evidence that private information was more easily available.

I view the reluctance of systems administrators to cease serving prior to fixing the bug as simple prioritisation of uptime (i.e., revenue) over their users’ privacy.

-glen

