Windows 7 Forums
Windows 7: Akamai Heartbleed patch not a fix after all

15 Apr 2014   #1

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 
Akamai Heartbleed patch not a fix after all

Quote:
Akamai, the network provider that handles nearly one-third of the Internet's traffic, released a Heartbleed patch to the community on Friday, saying that it would protect against the critical Web threat. Now it appears that's not the case.

Writing on his company's blog Sunday night, Akamai chief security officer Andy Ellis said that while he had believed the Akamai Heartbleed patch fully fixed the issue, a security researcher discovered it had a bug that caused it to be a partial, not full, patch.

"In short: we had a bug," Ellis wrote. "An RSA key has 6 critical values; our code would only attempt to protect 3 parts of the secret key, but does not protect 3 others."
Quote:
"This patch does not, on its own, protect against private key disclosure through Heartbleed," Pinckaers wrote to Akamai customers. "This means your certificates on Akamai servers need to be rotated, and anything sent before then is vulnerable to Heartbleed compromise. If you send customer passwords to Akamai, you should ask your customers to change their passwords again. They'll enjoy that."
Quote:
Akamai is now heading back to the drawing board. Ellis says that his company has already started rotating SSL certificates that are vulnerable to protect its customers. Ellis says that some certificates will rotate quickly, while others will take a bit longer.

CNET has contacted Akamai for additional comment on the security flaw. We will update this story when we have more information.
Akamai Heartbleed patch not a fix after all - CNET


15 Apr 2014   #2

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick
 
 

Wouldn't recompiling OpenSSL with "-DOPENSSL_NO_HEARTBEATS" eliminate this vulnerability? And if it does, why don't companies do that?