The encryption flaw that punctured the heart of the Internet this week underscores a weakness in Internet security: A good chunk of it is managed by four European coders and a former military consultant in Maryland.
Most of the 11-member team are volunteers; only one works full time. Their budget is less than $1 million a year. The Heartbleed bug, revealed Monday, was the product of a fluke introduced by a young German researcher.
"It's sort of shocking how few people are at the heart of it," said Kenneth White, an encryption expert at Social & Scientific Systems Inc. in North Carolina. "This is some of the most complex communication code that exists on the Internet."
The OpenSSL Project was founded in 1998 to create a free set of encryption tools that has since been adopted by two-thirds of Web servers. Websites, network-equipment companies and governments use OpenSSL tools to protect personal and other sensitive information online.
So when researchers at Google Inc. and Codenomicon on Monday stated that Heartbleed could allow hackers to steal such data, the Internet went into a panic.
The frenzy intensified Friday after Bloomberg News reported that the National Security Agency knew about the hole for two years but kept it secret to gather intelligence on foreign targets. The NSA, White House and Office of the Director of National Intelligence denied the report. "Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," White House National Security Council spokeswoman Caitlin Hayden said.Read the rest of the story HERE.
If you like what you see, please "Like" us on Facebook either here or here. Please follow us on Twitter here.
No comments:
Post a Comment