The Heartbleed bug in a software library (called OpenSSL) used to secure many websites allows an attacker to trick these websites to send an arbitrary memory block of 64 kilobytes back to him. In this blog post I will argue that the way this bug was disclosed has greatly increased the damage it causes.

Read the rest of this entry »