Heartbleed OpenSSL Vulnerability: A Technical Remediation

An anonymous reader writes "Since the announcement malicious actors have been leaking software library data and using one of the several provided PoC codes to attack the massive amount of services available on the internet. One of the more complicated issues is that the OpenSSL patches were not in-line with the upstream of large Linux flavors. We have had a opportunity to review the behavior of the exploit and have come up with the following IDS signatures to be deployed for detection."

Re:Situation is a Shambles

[The Snowman]

I agree 100%, since there have never been bugs in languages like Java.

Also, managed languages like Java and .NET are written in other managed languages running bytecode, making them extra secure. At no time do any of these languages use libraries or environments written in lower level languages such as C++, C, or assembler. So to the GP's credit, programmers who know those languages are okay to die off since we do not need them anyway.

Re:Thank you for the mess

[davester666]

Not really. Lots of people are wrong on the internets! :-)

Re:what?

[TheGratefulNet]

let me run that thru the jive translator:

"well, shit!" ==> "golly!"