Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security Programming

Akamai Reissues All SSL Certificates After Admitting Heartbleed Patch Was Faulty 56

Posted by samzenpus
from the try-it-again dept.
SpacemanukBEJY.53u (3309653) writes "It took security researcher Willem Pinckaers all of 15 minutes to spot a flaw in code created by Akamai that the company thought shielded most of its users from one of the pernicious aspects of the Heartbleed flaw in OpenSSL. More than a decade ago, Akamai modified parts of OpenSSL it felt were weak related to key storage. Akamai CTO Andy Ellis wrote last week that the modification protected most customers from having their private SSL stolen despite the Heartbleed bug. But on Sunday Ellis wrote Akamai was wrong after Pinckaers found several flaws in the code. Akamai is now reissuing all SSL certificates and keys to its customers."
This discussion has been archived. No new comments can be posted.

Akamai Reissues All SSL Certificates After Admitting Heartbleed Patch Was Faulty

Comments Filter:
  • by rmdingler (1955220) on Monday April 14, 2014 @08:20AM (#46746381)
    Yes. The corporate opposite of General Motors trying to explain to Congress the years-long lapse in reporting and repairing the ignition problems of millions of vehicles.

    Here's to hoping they are rewarded for their prompt honesty, rather than persecuted, as we certainly need to set some positive precedents for this exact type of conduct.

Loose bits sink chips.

Working...