SYS-CON MEDIA Authors: Yeshim Deniz, Doug Masi, Mat Mathews, Newswire, David Smith

Blog Feed Post

Heartbleed’s ‘Worst-Case Scenario’ is Possible


What seemed like good news has quickly turned bad, if not downright terrifying. Saturday’s disclosure by Web security firm CloudFlare that at least one worst-case scenario related to the Heartbleed vulnerability might be impossible has been proven wrong by independent researchers in less than a day. Two independent tests have proven CloudFlare’s initial findings wrong, which means that certain nasty possibilities involving the bug are indeed possible. The firm had determined that using the Heartbleed vulnerability to steal private server keys appeared impossible, which looked to be the first good news since the bug was revealed earlier this week. CloudFlare had set up a public challenge seeking outside validation of the results of its own testing. The challenge lasted until late Friday afternoon Pacific Time. The first to pull out an SSL private key, according to CloudFlare, was Fedor Indutny, a Russian security researcher.

Read the full story at re/code.

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of NBC Universal’s Live Digital with Shelly Palmer, a weekly half-hour television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.