captured quite a bit of news these past few days. A hole in the most secure of web services tends to make people a bit anxious. Racing to release patches and assess the damage consumed people for days. While I was a bit concerned about the possibilities of exposed private keys on any number of web servers, the overriding thought in my mind was instead about the speed at which we went from “totally secure” to “Swiss cheese security” almost overnight.
Jumping The Gun
As it turns out, the release of the information about Heartbleed was a bit sudden. The rumor is that the people that discovered the bug were racing to release the information as soon as the OpenSSL patch was ready because they were afraid that the information had already leaked out to the wider exploiting community. I was a bit surprised when I learned this…