Heartbleed has been devastating for some big fishes in the pond. Allegations were made and the big bad wolf will be logically tamed. The ignorant columnists accused the “open source” of being too open and “uncontrolled”, the specialists were stunned until they realized what actually happened, and now, finally, after good people ventilated the media, the masters of the internet are prone to give some help in the matter. It is interesting that various theories were pushed around, not any of it true, from the NSA to China and Anonymous.
What Heartbleed Can Do
[source]
It was a code writing flaw, a human mistake, all of it because there aren’t many who work to this open source information encrypting protocol, so, unavoidably happened. They work with pleasure, because the donation flow is not great. Of course speculations were made that this was intentionally, to screw up companies like Google or Yahoo, but that’s not true at all.
People like Steve Marquess, from the OpenSSL Foundation, a funds collecting organism had to pull the alarm for elementary things to be done.
I’m looking at you, Fortune 1000 companies. The ones who include OpenSSL in your firewall/appliance/cloud/financial/security products that you sell for profit, and/or who use it to secure your internal infrastructure and communications. The ones who don’t have to fund an in-house team of programmers to wrangle crypto code, and who then nag us for free consulting services when you can’t figure out how to use it. The ones who have never lifted a finger to contribute to the open source community that gave you this gift. You know who you are. – Steve Marquess, fragment of his blog article, “Of Money, Responsibility, and Pride”
You should read the whole post to better understand how the problem is put. Even so, that was not enough.
Heartbleed Symbol
[source]
Linux Foundation took another initiative, and after that, companies like Google, IBM, Microsoft, Intel, Amazon, Cisco, Qualcomm, Rackspace, Fujitsu, Dell or Facebook (there are more, apparently), have each promised to donate $100k per year, three years in a row, to help coders to do a better job with this “open source” stuff all people use but don’t pay for it, so the Core Infrastructure Initiative was found, which is another foundation after all.
Mashable, the reputable tech news & social media blog, disclosed a whole list with services affected by Heartbleed. These services used the OpenSSL to service the access to them, and some of the most important are: Pinterest, the newly acquired Tumblr, Google, Yahoo (the owner of Tumblr), Amazon, GoDaddy, Namecheap and even WordPress (I suppose it’s wordpress.com). In Mashable’s spirit, that particular post was a quickie, so the info is blurred, just for people around the world to avoid a heart attack. In the mean time, I hope you have checked your bank accounts, and if they have the same proportions, you are not affected. I wasn’t, for sure.
If you liked what you read (and for that I humbly thank you for your patience), subscribe to this blog by Email! Follow this blog on Twitter, and on Facebook! For a joyous day, check out my pins on Pinterest or my grams on Instagram 😄. I hope you like this blog so much that you think it’s time to take a step further by becoming yourself a blogger; in order to do that have the kindness to read the Own Your Website offer I have prepared for you! You won’t regret. Thanks for passing by 😄 Speak your mind, don’t be shy!
Copyright © 2014 Rodolfo Grimaldi Blog – “Heartbleed”-ing News
