Heartbleed – Securities death
HeartBleed is probably the worst vulnerability ever seen on the internet. SSL is the only layer of protection, when transferring confidential documents on the word wide web. When it’s vulnerable, nothing is safe. I’m happy to say that all Tuxxin Inc. services and client services have been patched, but from what I’m reading online this could of been done much sooner. OpenSSL didn’t publicly announce the vulnerability for over a week! However, certain companies were given this knowledge and patched it prior to it becoming public knowledge. This shouldn’t be allowed! The very moment the vulnerability was found, it should of been public knowledge. Millions of people worldwide were unknowingly passing important information over non secure lines for who knows how long. Just about every service relies on OpenSSL, including but not limited to credit card transactions, emails, FTP, SSH and VPN’s. The impact from this threat could be catastrophic.
If #heartbleed doesn't affect you, you're Amish.
— Anonymous (@YourAnonNews) April 9, 2014
Remember when we said that HTTPS was the only good resource against #NSA QUANTUM? Oh well, #heartbleed.
— Claudio (@botherder) April 9, 2014
"The odds are close to 1 that every site has had its keys extracted by multiple intelligence agencies [due to #heartbleed]" — @schneierblog
— Robert Love (@rlove) April 9, 2014
Search for processes still using old OpenSSL #heartbleed : grep -l 'libssl.*deleted' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps u
— jekil (@jekil) April 9, 2014
#Heartbleed Internet security bug spurs calls for password changes: http://t.co/gEKArx3J3P pic.twitter.com/oJQ2bcWNuH
— Orlando Sentinel (@orlandosentinel) April 9, 2014