logoalt Hacker News

timschmidtyesterday at 5:11 PM2 repliesview on HN

> I'm confused

The original paper which proposed the OpenSSL Heartbeat extension was written by two people, one worked for NSA and one was a student at the time who went on to work for BND, the "German NSA". The paper authors also wrote the extension.

I know this because when it happened, I wanted to know who was responsible for making me patch all my servers, so I dug through the OpenSSL patch stream to find the authors.

Replies

tptacekyesterday at 5:26 PM

What does that paper say about implementing the TLS Heartbeat extension with a trivial uninitialized buffer bug?

show 1 reply
aw1621107yesterday at 5:15 PM

Ah, that clears up the confusion. Thank you for taking the time to explain!