Michael Wolf is on the show helping me deal with the post Heartbleed vulnerability trauma we all are feeling today. Plus he’s got some good news for folks in the wearables industry. As a bonus Steve Gibson helps us understand what we should do about Heartbleed.
Multiple versions (ogg, video etc.) from Archive.org.
Please SUBSCRIBE HERE.
A special thanks to all our Patreon supporters–without you, none of this would be possible.
Big thanks to Mustafa A. from thepolarcat.com for the logo!
Thanks to our mods, Kylde, TomGehrke and scottierowland on the subreddit
The entire Internet has been reporting on the Heartbleed vulnerability in SSL/TLS today. Heartbleed is a bug in the OpenSSL cryptographic library version 1.01 that as been in
wild since 14 March 2012. The bug would allow an attacker to recover up to 64 kilobytes of memory from the server or client computer, repeatedly. OpenSSL has issued a patch which is OpenSSL 1.01g. The nasty part of the bug is it could not only allow an attacker to get things like passwords in memory if they’re lucky, but also recover primary and secondary SSL keys, which means the bad guys could impersonate the good guys and you’d never be able to tell. Many sites do not use OpenSSL and are unaffected. Apple, Google and Microsoft appear to be unaffected, along with the major e-banking services. Before you log into a sensitive service check filippo.io/Heartbleed/ to see if the site has updated to SSL 1.01g, although beware some false negatives have been reported. But if it says it’s updated it is. Then you should also check to make sure any previously vulnerable site has updated its ssl certificate which you can do at https://sslcheck.globalsign.com/ or do several of these tests at https://www.ssllabs.com/