A few days ago security researchers disclosed the Heartbleed bug in OpenSSL, but the story behind how other companies used it against their rivals was unknown until a report came out about it. In some recent reports Google has been accused of not disclosing the bug to the open source community and to its rivals.
Putting users' security at stake, only a few organizations and companies were made aware of this devastating bug. According to Fairfax Media, Google learned of the bug on or before March 21, followed by a few other giants in the industry.
A timeline of events compiled by Fairfax Media clearly states that Google notified OpenSSL about it with a delay of 11 days. The bug was brought to notice on April 1. Until the bug was publicly disclosed, companies including Yahoo and Amazon were not aware of it, and they remained vulnerable for at least 48 hours. A few other companies, however, including Facebook, CloudFlare, Red Hat and Akamai, were notified almost a day before it was disclosed.
Also a few days ago, Google published a blog post stating that the company has patched all of its major services, including YouTube and Gmail, and that they are now secure to use. As we reported, Google stated in the blog post, “You may have heard of “Heartbleed,” a flaw in OpenSSL that could allow the theft of data normally protected by SSL/TLS encryption. We’ve assessed this vulnerability and applied patches to key Google services such as Search, Gmail, YouTube, Wallet, Play, Apps, App Engine, AdWords, DoubleClick, Maps, Maps Engine and Earth. Google Chrome and Chrome OS are not affected. We are still working to patch some other Google services.”
Although the company didn’t give a direct answer, a spokesperson said, “We aren’t commenting on when or who was given a heads up. The security of our users’ information is always a top priority”. We are now forced to believe that Google patched all of its services even before the bug was disclosed.
I swear I thought this was just a bad translation of some foreign faux news story until I looked at the “About” for the source. A news organization in South Dakota! I know it’s a sparsely populated state, but they can’t find better writers out there than this?!
“the bug came in knowledge of Google on or before March 21 and then it followed a few other giants in the industry.”
“In a timeline of events compiled by the Fairfax Media it was clearly mentioned that the Google notified the OpenSSL about it with a delay of 11 days.”
“Google came up with a blog post”
….to cite a few examples.
I run servers so I agree with “the Google’s” decision to patch themselves first before alerting the public. What most hackers do is exploit already published flaws once they become public before everyone has a chance to update. The danger with flaws usually comes after you publish them as you give a road map for all hackers to follow. Google would have been foolish to alert the public before they had a chance to figure out a solution and apply a patch. Furthermore, as far as they knew, no one else was aware of or exploiting this flaw. So why would they notify hackers about it and expose the millions of users using Gmail and YouTube, etc. before they had patched their servers?
A certain amount of phony drama has to be fabricated, otherwise there is no “news” story.
Yes, of course they were aware of it before it was disclosed. It was Google engineers who discovered the bug at the beginning of April!!!
Normal security practice was then followed by alerting those responsible for maintaining the code first, allowing sufficient time for them to come up with a fix (or validate one provided), then a staged disclosure is made to higher risk / higher profile users first, then to the public at large.
Why do I get the feeling all the above seems to come as news to the author and editors of this piece?
The article states that Google knew about Heartbleed ‘on or before March 21’ but ‘notified the OpenSSL about it with a delay of 11 days’ on April 1. The story is Google’s delay in notifying OpenSSL so it could protect itself first and f%*k everybody else. This is exactly the OPPOSITE of the spirit of open source.
11 days is a pretty quick turnaround in comparison to basically ANY other exploit. Get the stick out of your bum.