More Heartbleed fallout

Estimated reading time: 1 minute.

The full extent of the damage caused by the Heartbleed vulnerability may not be known for months. New reports of compromised systems are appearing daily.

Ars Technica reports on a very unfortunate compromise of an OpenVPN installation. It’s particularly bad, because thousands of companies worldwide use VPN solutions to provide supposedly completely secure access to corporate networks from off-site. The potential for damage is enormous.

Also in Heartbleed news: apparently the recently-reported Heartbleed-based intrusion of the Canada Revenue Agency was the work of a teenaged computer science student. He’s been arrested. It seems clear that his motivation was curiosity rather than something more sinister, since he did absolutely nothing to conceal his identity.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.

Leave a Reply