Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security Programming

Akamai Reissues All SSL Certificates After Admitting Heartbleed Patch Was Faulty 56

Posted by samzenpus
from the try-it-again dept.
SpacemanukBEJY.53u (3309653) writes "It took security researcher Willem Pinckaers all of 15 minutes to spot a flaw in code created by Akamai that the company thought shielded most of its users from one of the pernicious aspects of the Heartbleed flaw in OpenSSL. More than a decade ago, Akamai modified parts of OpenSSL it felt were weak related to key storage. Akamai CTO Andy Ellis wrote last week that the modification protected most customers from having their private SSL stolen despite the Heartbleed bug. But on Sunday Ellis wrote Akamai was wrong after Pinckaers found several flaws in the code. Akamai is now reissuing all SSL certificates and keys to its customers."
This discussion has been archived. No new comments can be posted.

Akamai Reissues All SSL Certificates After Admitting Heartbleed Patch Was Faulty

Comments Filter:
  • by rmdingler (1955220) on Monday April 14, 2014 @08:20AM (#46746381)
    Yes. The corporate opposite of General Motors trying to explain to Congress the years-long lapse in reporting and repairing the ignition problems of millions of vehicles.

    Here's to hoping they are rewarded for their prompt honesty, rather than persecuted, as we certainly need to set some positive precedents for this exact type of conduct.

"I'm not afraid of dying, I just don't want to be there when it happens." -- Woody Allen

Working...