|15 Apr 2014||#1|
| || |
Akamai Heartbleed patch not a fix after all
Akamai, the network provider that handles nearly one-third of the Internet's traffic, released a Heartbleed patch to the community on Friday, saying that it would protect against the critical Web threat. Now it appears that's not the case.
Writing on his company's blog Sunday night, Akamai chief security officer Andy Ellis said that while he had believed the Akamai Heartbleed patch fully fixed the issue, a security researcher discovered it had a bug that caused it to be a partial, not full, patch.
"In short: we had a bug," Ellis wrote. "An RSA key has 6 critical values; our code would only attempt to protect 3 parts of the secret key, but does not protect 3 others."
"This patch does not, on its own, protect against private key disclosure through Heartbleed," Pinckaers wrote to Akamai customers. "This means your certificates on Akamai servers need to be rotated, and anything sent before then is vulnerable to Heartbleed compromise. If you send customer passwords to Akamai, you should ask your customers to change their passwords again. They'll enjoy that."
Akamai is now heading back to the drawing board. Ellis says that his company has already started rotating SSL certificates that are vulnerable to protect its customers. Ellis says that some certificates will rotate quickly, while others will take a bit longer.
CNET has contacted Akamai for additional comment on the security flaw. We will update this story when we have more information.
|My System Specs|
|Similar help and support threads for2: Akamai Heartbleed patch not a fix after all|
|Heartbleed Bug: What Can You Do?||Security News|
|Is Akamai Netsession potentially harmful?||General Discussion|
|Rusty Hearts: the patch was downloaded a patch file list and -cont.||Gaming|
|akamai.net/hotmail glitch bad link||Browsers & Mail|
|Microsoft issues first Windows 7 beta patch But it skips SMB patch not critical||News|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 01:03 PM.