Wednesday, April 09, 2014

Schneier on Security: Heartbleed

More Heartbleed analysis

""Catastrophic" is the right word. On the scale of 1 to 10, this is an 11. [...] At this point, the odds are close to one that every target has had its private keys extracted by multiple intelligence agencies. The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident, but I have no proof."
Schneier on Security: Heartbleed
Post a Comment