1 |
On 04/09/2014 05:06 PM, Joseph wrote: |
2 |
> Is gentoo effected by this new 'Heartbleed' bug? |
3 |
> |
4 |
> "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library...." |
5 |
> |
6 |
> http://heartbleed.com/ |
7 |
|
8 |
This topic was discussed in my favorite podcast, http://twit.tv/sn |
9 |
|
10 |
Steve Gibson explained that the heartbeat feature was introduced in openssl to |
11 |
allow *UDP* connections to mimic the 'keepalive' function of the TCP protocol. |
12 |
|
13 |
IIRC Steve didn't explain how UDP bugs can compromise TCP connections. |
14 |
|
15 |
Anyone here really understand the underlying principles? If so, please explain! |
16 |
|
17 |
Thanks. |