On 04/09/2014 05:06 PM, Joseph wrote: > Is gentoo effected by this new 'Heartbleed' bug? > > "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL > cryptographic software library...." > > http://heartbleed.com/
This topic was discussed in my favorite podcast, http://twit.tv/sn Steve Gibson explained that the heartbeat feature was introduced in openssl to allow *UDP* connections to mimic the 'keepalive' function of the TCP protocol. IIRC Steve didn't explain how UDP bugs can compromise TCP connections. Anyone here really understand the underlying principles? If so, please explain! Thanks.
