When Your Heartbleed Fix Isn’t

Overconfidence… one of the biggest problems in defensive security.

Which is not to say you have to assume the adversary is omnipotent. But, as this article shows, it’s always a good idea to take the same approach to protecting yourself as the NSA takes to watching you masturbate.

Specifically, think belt and suspenders. RSA believed their custom memory allocator meant Heartbleed didn’t affect them… and didn’t change their keys. Now it turns out they were wrong.

Come to think of it, “belt and suspenders” is probably the most concise and easy-to-grasp way I know to explain defense in depth (an NSA invention) to a lay audience…

https://www.securityweek.com/akamai-reissuing-ssl-keys-after-flaw-found-heartbleed-mitigation
