So…it turns out that OpenSSL has been broken for a couple of years.  Most UNIX-based servers are going to be affected.  If you use OpenSSL on a server, get this fixed now.  Many of the big companies are doing so now.  If you don’t, you’re probably going to get several “Hey, you should change your password” e-mails over the next several days.

Bruce Schneier has more.  For a humorous take, check out The Daily WTF.  Several people there make the argument that we shouldn’t use C or other languages without boundary protection for…well, pretty much anything.  Given how easy it is for a good developer to make a catastrophic mistake and for it to sneak by code reviews for years, I think they have a point.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s