Tatsuya Hayashi, the researcher who found one of the critical bugs, told the Guardian that the latest flaw “may be more dangerous than Heartbleed” as it could be used to directly spy on people’s communications.

Heartbleed was deemed to be one of the most critical internet vulnerabilities ever when it was uncovered in April. OpenSSL is supposed to protect people’s data with digital keys but has been exposed as flawed numerous times in recent months.

The latest vulnerability was introduced in 1998 and has been missed by both paid and volunteer developers working on the open-source project for 16 years.

http://www.theguardian.com/technology/2014/jun/06/heartbleed-openssl-bug-security-vulnerabilities

Although, I guess if it’s been there 16 years maybe it’s not *that* bad?

I have no idea what the title means so I opened it up. Still none the wiser.

Would blu-tac help?

People get paid to find vulnerabilities.. they find vulnerabilities

Would blu-tac help?

40 years of paid and unpaid Blu-Tac research hasn’t found any security vulnerabilities with it.

But you never know.

It does tend to leave greasy marks on walls, but that would not really count as a security risk.

Oh for god’s sake, really?

On the bright side, at least after last time I’ve now got extensive documentation as to where OpenSSL is running.

Same here with our products. That doesn’t make it easier to get the fixes in, test them and release them before the next tranche get released though.

Heartbleed has focussed the mind of both customers and researchers and I fully expect OpenSSL to get a lot more attention in the upcoming months. So at least I won’t be bored.