Heartbleed programmer says he made a mistake
A German computer programmer who wrote the Heartbleed code which has caused a worldwide online security scare has said he made a mistake.
The faulty code allows anyone to read the memory of systems which use the popular OpenSSL software. It was written by a German, Robin Seggelmann from Münster, in 2011 while he was working on the code in his spare time.
Seggelmann said the code was a mistake which was made while trying to improve OpenSSL.
In an email to Spiegel Online he described the mistake as “fairly trivial”.
Seggelmann’s code was incorporated into the finished software and remained unnoticed for more than two years.
The SSL encryption is used by a variety of websites, email services and chat programs and is one of the building blocks of security log-ins.
But the bug allows attackers to steal important data from encrypted connections. Users have been advised to change all their passwords.
Google announced that its own internet search, email service and YouTube had been secured with updates. Banks also had to close security holes in their systems.
SEE ALSO: Nerd calendar puts joy back in joy-sticks
Comments
See Also
The faulty code allows anyone to read the memory of systems which use the popular OpenSSL software. It was written by a German, Robin Seggelmann from Münster, in 2011 while he was working on the code in his spare time.
Seggelmann said the code was a mistake which was made while trying to improve OpenSSL.
In an email to Spiegel Online he described the mistake as “fairly trivial”.
Seggelmann’s code was incorporated into the finished software and remained unnoticed for more than two years.
The SSL encryption is used by a variety of websites, email services and chat programs and is one of the building blocks of security log-ins.
But the bug allows attackers to steal important data from encrypted connections. Users have been advised to change all their passwords.
Google announced that its own internet search, email service and YouTube had been secured with updates. Banks also had to close security holes in their systems.
SEE ALSO: Nerd calendar puts joy back in joy-sticks
Join the conversation in our comments section below. Share your own views and experience and if you have a question or suggestion for our journalists then email us at [email protected].
Please keep comments civil, constructive and on topic – and make sure to read our terms of use before getting involved.
Please log in here to leave a comment.