03-03-2017, 01:53 AM   #1
LXer NewsBot
Registered: Dec 2005
Posts: 99,825

LXer: Three Years after Heartbleed, How Vulnerable Are You?

Published at LXer:

Three years ago, the Heartbleed vulnerability in the OpenSSL cryptographic library sent the software industry and companies around the world into a panic. Software developers didn't know enough about the open source components used in their own products to understand whether their software was vulnerable - and customers using that software didn't know either.

03-03-2017, 02:47 AM   #2
Senior Member
Registered: Apr 2005
Posts: 2,098
Blog Entries: 5

It's not any better, as in the corporate world Linux in particular is just used as a free replacement for Windows or UNIX.

Historically the big Fortune 500 companies backing Linux and other open source projects had to pay people big money to write code; nowadays they pay what is really peanuts in comparison to hobbyist developers and roll out the result as an end product.

The products are "sold", or more likely given away and then the after sales support dies. It's then your problem, but it's "Linux" and "free" so it must be good... This is particularly true of the "embedded Linux", often the aspect championed most by corporate Linux proponents and many end users alike.

But while this continues and bearing in mind that the project leader himself openly doesn't care much about security (leaving that to others), there's not much hope of this improving any time soon.

With OpenSSL the response has also been forks, which are as ever available to use, and those running up-to-date Linux distributions will be 'safe' from that particular vulnerability, but the issue of unsupported embedded Linux remains.

Proprietary offerings where vulnerable OpenSSL code has been used are pretty much outside of the control of end users. As with any proprietary software, they will either update it or they won't or you'll buy a new version. But there is not much difference from a user's perspective between this kind of model and offerings such as Android where users with old devices are stuck running an old, vulnerable OS because you're at the mercy of the hardware vendor. A locked-down device running a bastardised Linux, which has to be "rooted" and prevents the user installing the OS of their choice in order to make their device secure and continue to get use out of it, is not freedom by anyone's definition, not a "Linux distro" and only "free software" from a purely technical or legal standpoint.


All times are GMT -5.
