A friend of mine who’s a geek and I were talking about Heartbleed a couple of days ago. Said friend has never been a coder, and thus has never really spent significant time looking at memory dumps, unlike us old-school programmers who have (especially back in the 80s when we were, um, trying to argue with the copy protection on games we owned, back when apps were traditionally copy protected).
So my friend said, “I don’t get why SSL certs have to be reissued.”
This friend doesn’t run SSL (nor do I). But I see exactly the gap that some technical people have.
Also, I haven’t heard a lot of people talking about the less obvious security complications of the Heartbleed attack, the ones that aren’t about SSL itself, like password and cookie salts.
Originally published at deirdre.net. You can comment here or there.