Heartbleed was a mistake. xz/liblzma looks malicious. What do they have in common?

Unsupported maintainers.

🕵️‍♂️ اصطياد الثغرات: قصص الاكتشاف
🚩في 2014، ثغرة 'Heartbleed' في OpenSSL سمحت بسرقة البيانات
🚩2018، ثغرتي 'Spectre' و'Meltdown' في المعالجات سمحت بسرقة البيانات
🚩2021، ثغرة 'Log4j' في Java سمحت بتنفيذ تعليمات برمجية عن بُعد

woke up w the most painful stomachache in my life. im so weak lol 😭

'The Heartbleed Bug: A Decade of Lessons Learned' - lcdtrc.link/uiu2u8d
#LucidTracBlog #Cybersecurity #OpenSSL #HeartbleedBug #OnlineSecurity #Encryption #DataProtection #SoftwareVulnerability #OpenSourceSoftware #CodeReview #Transparency #Collaboration #SecurityBestPractice

2014: The Heartbleed Bug was publicly disclosed. The buffer over-read vulnerability had been discovered by Neel Mehta and later privately reported to the OpenSSL project, which patched it the next day. The vulnerability was inadvertently introduced into OpenSSL 2 years prior.

Há 10 anos #heartbleed

#30DaysofTHMstreak
Heartbleed CTF
Day 23✅

This critical flaw in #OpenSSL , a widely used cryptography library, affected about 17% of the Internet's secure web servers at the time of its disclosure.

Learn more about the impact of #Heartbleed and the long-term solutions that emerged in its wake: hubs.li/Q02wKHw60

On the 2014 Heartbleed exploit that built upon a flaw in the OpenSSL encryption protocol.

It's extraordinary how so much of the internet infra today utilizes open source building blocks and these are so often reliant on very small teams or solitary individuals for upkeep.

🔐 365 days of CTF TryHackMe 🔐

{Day 23}: HeartBleed 💔
Difficulty: Easy
Tags:  #nmap #metasploit #heartbleed

对于推上的程序员讨论实在是无力吐槽了… 一个个都这么强，也没见谁去拦一下这次的 xz，修个 heartbleed，或者随便找个藏了十来年的基础软件 bug 啊…
随便打开一个几千 star 的 Github 项目，读读代码都能找到无数个 bug，去拯救世界去吧。

Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed!

'Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone.'…

Ten Years Of Heartbleed: Lessons Learned packetstormsecurity.com/news/view/3582…

Things you may not know about the Heartbleed Bug:
1) A serious vulnerability in OpenSSL.
2) Discovered in 2014, affected millions of websites.
3) Led to significant changes in internet security practices.

Die gesamte westliche IT ist ganz ganz ganz knapp und rein zufällig an einem Supergau vorbeigeschrammt, gegen den selbst Heartbleed nur ein blauer Fleck war, und in der Medienwelt sehe ich so absolut gar nichts davon.

Naja. Nächstes mal ist dann das Gejammer wieder groß.

SC Media UK - Ten Years of Heartbleed: Lessons Learned bit.ly/44hMf5L

If you find an interesting CVE and want a fun name for it (y'know like Heartbleed, Shellshock, etc.) might I suggest 'CrowdStrike Falcon'?

I believe that's how things work these days. At least that's how it works at CrowdStrike.

#FreePunkSpider

#Heartbleed is 10 Years Old – Farewell Heartbleed, Hello QuantumBleed! - buff.ly/3xfhce8 #security #encryption #cryptography #cybersecurity #infosec

vx-underground Almost 10 years since heartbleed, and yet 45% of open source maintainers report the biggest challenge they face is burnout as of 2023. Governments direct trillions in public goods funding, I feel they could be doing more to support digital infra we all rely upon 🧐

SC Media UK - Ten Years of Heartbleed: Lessons Learned bit.ly/446nmda