Robin Seggelmann, a programmer based in Germany, submitted the code in an update at 11:59pm on New Year’s Eve, 2011. It was supposed to enable a function called “Heartbeat” in OpenSSL, the software package used by nearly half of all web servers to enable secure connections.
He says the “Heartbleed” vulnerability in the open-source code used by thousands of websites was an “oversight” – but that its discovery validates the methods used.
His update did enable Heartbeat, but an “oversight” led to an error with major ramifications: it accidentally created the “Heartbleed” vulnerability, which has been described as a “catastrophic” flaw that laid the contents of thousands of web servers open to hackers.
Seggelmann worked on the OpenSSL project during his PhD studies, from 2008 to 2012, but isn’t involved with the project any more.
The flaw has also been discovered in Cisco and Juniper routing gear, which could mean that hackers could capture sensitive data such as passwords passing over the internet.
He said that the mistake has nothing to do with its festive datestamp. “The code… was the work of several weeks. It’s only a coincidence that it was submitted during the holiday season.
“I am responsible for the error,” he continued, “because I wrote the code and missed the necessary validation by an oversight. Unfortunately, this mistake also slipped through the review process and therefore made its way into the released version.”
The post ‘Oversight’ causes an error HeartBleed; says it’s Developer appeared first on Am I Hacker Proof.