Akamai, the network provider that handles nearly one-third of the Internet's traffic, released a Heartbleed patch to the community on Friday, saying that it would protect against the critical Web threat. Now it appears that's not the case.
Writing on his company's blog Sunday night, Akamai chief security officer Andy Ellis said that while he had believed the Akamai Heartbleed patch fully fixed the issue, a security researcher discovered it had a bug that caused it to be a partial, not full, patch.
"In short: we had a bug," Ellis wrote. "An RSA key has 6 critical values; our code would only attempt to protect 3 parts of the secret key, but does not protect 3 others."
Akamai is now heading back to the drawing board. Ellis says that his company has already started rotating SSL certificates that are vulnerable to protect its customers. Ellis says that some certificates will rotate quickly, while others will take a bit longer.
CNET has contacted Akamai for additional comment on the security flaw. We will update this story when we have more information.
Akamai Heartbleed patch not a fix after all - CNET
- Win 7 32, Win 7 64 Pro, Win 8.1 Pro
- Computer type
- System Manufacturer/Model
- It's a Dell, Dude.
- Intel Caffinated Core Duo
- Father is bored too.
- 4 GB
- Graphics Card(s)
- NVidia something-or-another
- Monitor(s) Displays
- 24" HD TV/Monitor/Alternative Dimensional Viewing Portal
- Screen Resolution
- Fuzzy after a couple drinks
- Hard Drives
- 2 or 3, depending on if it's a night they're arguing about having a "split personality crisis" because I partitioned the drive.
- Don't get on my case....man
- Scotch on the rocks on the weekends..
- Mad Catz Cyborg V7. Or maybe Cyborg Catz Are Mad At V7's??? I know it lights up...far out.
- currently being stalked by the cat...
- Internet Speed
- Never fast enough...
- Defeated by Mario...wait...OH...BRowser...