Slashdot Mirror

← Back to Stories (view on slashdot.org)

Heartbleed OpenSSL Vulnerability: A Technical Remediation

Posted by samzenpus on from the protect-ya-neck dept.

An anonymous reader writes "Since the announcement malicious actors have been leaking software library data and using one of the several provided PoC codes to attack the massive amount of services available on the internet. One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large Linux flavors. We have had a opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection."

3 of 239 comments (clear)

  1. Re:Situation is a Shambles by The+Snowman · · Score: 4, Funny

    I agree 100%, since there have never been bugs in languages like Java.

    Also, managed languages like Java and .NET are written in other managed languages running bytecode, making them extra secure. At no time do any of these languages use libraries or environments written in lower level languages such as C++, C, or assembler. So to the GP's credit, programmers who know those languages are okay to die off since we do not need them anyway.

    --
    24 beers in a case, 24 hours in a day. Coincidence? I think not!
  2. Re:Thank you for the mess by davester666 · · Score: 5, Funny

    Not really. Lots of people are wrong on the internets! :-)

    --
    Sleep your way to a whiter smile...date a dentist!
  3. Re:what? by TheGratefulNet · · Score: 4, Funny

    let me run that thru the jive translator:

    "well, shit!" ==> "golly!"

    --

    --
    "It is now safe to switch off your computer."