April 10th, 2014

Heartbleed...Time to Go?

So by now, if you're into tech, you've probably heard: the Heartbleed attack on OpenSSL is out, people have known about it since 2012, and from early reports it's looking like a vast majority of the internet's SSL certificates are going to have to be revoked.

If you want to know in layman's terms what this means: say you have an account with a certain sum (£1200) in it, at a bank with millions of customers. You work out that by saying something to the teller you can escape the "bounds" of your £1200 savings and start having access to £64 of other people's money. Bad, eh?

The bug was a simple error from a coder (who should have known better), but this kind of thing has been fixed by modern languages in the last 15 years, and we don't know why people are still stuck in the stone ages, coding a mission-critical library in a 40-year-old language where a simple lapse of concentration from a programmer can produce disastrous effects.

Yeah, C is fast and portable, but it's also very unwieldy, which makes mistakes easy to make. We should be looking to a language with this error checking built in from the outset, like Go, for the future, and maybe we wouldn't have to do stupid things like reset most of the SSL certificates on the internet...
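To make the bounds-checking argument concrete, here is an added example (not code from OpenSSL or from the original post) of a heartbeat echo in Go that trusts the peer-supplied length, next to one that validates it. The message layout follows RFC 6520; the function names and the sample payload are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// RFC 6520 heartbeat: type (1) | claimed length (2) | payload | padding (>=16).
const headerLen, minPadding = 3, 16
var errBadLength = errors.New("heartbeat: claimed length exceeds record")

// echoUnchecked trusts the claimed length. Go bounds-checks the slice, so a
// lying length panics (recovered as an error) instead of over-reading memory.
func echoUnchecked(record []byte) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("over-read stopped by runtime: %v", r)
		}
	}()
	// Clamp capacity: a plain reslice is checked against cap, not len.
	record = record[:len(record):len(record)]
	n := int(record[1])<<8 | int(record[2]) // peer-supplied length
	return append([]byte(nil), record[headerLen:headerLen+n]...), nil
}

// echoChecked compares the claimed length with the bytes actually received
// before touching the payload, and rejects the message if they disagree.
func echoChecked(record []byte) ([]byte, error) {
	if len(record) < headerLen+minPadding {
		return nil, errBadLength
	}
	n := int(record[1])<<8 | int(record[2])
	if headerLen+n+minPadding > len(record) {
		return nil, errBadLength
	}
	return append([]byte(nil), record[headerLen:headerLen+n]...), nil
}

// buildRecord makes a constructed sample request with any claimed length.
func buildRecord(payload []byte, claimed uint16) []byte {
	rec := append([]byte{1, byte(claimed >> 8), byte(claimed)}, payload...)
	return append(rec, make([]byte, minPadding)...)
}

func main() {
	for _, claimed := range []uint16{4, 0x4000} {
		out, err := echoUnchecked(buildRecord([]byte("bird"), claimed))
		fmt.Printf("claimed=%d out=%q err=%v\n", claimed, out, err)
	}
}
```

The runtime check only stops reads past the end of the record: a claimed length that is too large but still inside it makes `echoUnchecked` echo padding bytes, which is why the explicit check in `echoChecked` is still needed.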
