In two days this week the word “Heartbleed” became the biggest known Internet vulnerability in the world.
Word about the problem with versions of the open source OpenSSL libraries was sent out Monday, and when Revenue Canada shut its site for submitting online tax returns the flood of news stories accelerated.
Most of that was thanks to Google researcher Neel Mehta and several engineers working separately at security vendor Codenomicon who raised the alarm. It’s been widely reported that Mehta donated the US$15,000 Internet Bug Bounty he received to the Freedom of Press Foundation.
There’s no shortage of people on Twitter now with things to say a about Heartbleed, but I’ve selected three who you could keep an eye on:
Neel Mehta isn’t a frequent tweeter, although his contributions have picked up this week. I hope he keeps up the pace with more news about vulnerabilities like this one:
Heap allocation patterns make private key exposure unlikely for #heartbleed #dontpanic.
— Neel Mehta (@neelmehta) April 8, 2014
Dave Winer is a New York software developer who has long worked on weblogs – he says he wrote his first in 1994, and his Scripting News was running not long after — RSS syndication, podcasting, outlining , and web content management software. A former contributing editor at Wired Magazine, he’s has a master’s degree in computer science from the University of Wisconsin, been a research fellow at Harvard Law School and NYU as well as an entrepreneur and investor in web media companies.
Re Heartbleed: Can someone ask Snowden whether the NSA 1. did it or 2. was aware of it or 3.used it.
— Dave Winer ☮ (@davewiner) April 10, 2014
He calls himself a “natural-born blogger,” which means he has an opinion on almost everything – like “How to do new things.” On the topic of Heartbleed, he cheekily asked if Edward Snowden’s particular expertise could be leveraged.
IT World Canada CIO Jim Love appeared Wednesday on CTV News to share his insights on the vulnerability and his knowledge about security problems. This link will take you to his session. Unflappable – at least when I’ve had to deal with him – he blogs regularly for us, and is a part-time professor at the University of Waterloo and York University.
CTV Interview on the Heartbleed vulnerability. #itworldcanada.com #heartbleed http://t.co/hUv99Hb6bZ
— Jim Love (@CIOJimLove) April 9, 2014