Heartbleed: Serious Security Vulnerability

Serious Wake-up Call

by Bruce Kleinman, FSVadvisors, foreword by Kevin Morris

Imagine if you woke up one morning, and found out that Walmart was now selling a device for $5 that could easily and instantly open almost any deadbolt lock. That’s right - the kind of lock that is supposed to give “extra protection” to just about every door on earth. That’s the magnitude of security problem posed by the Heartbleed Bug.

Contributing columnist Bruce Kleinman wrote the first half of this article and posted it to his “From Silicon Valley” blog on April 6, 2014. The timing of the post was a remarkable coincidence: just 36 hours before the Heartbleed Bug started making headlines.

As the creators of technology, we engineers need to re-think our commitment to security and safety. The systems we design don’t just earn us money – they are often trusted to protect people’s lives, privacy, and assets. This is a solemn responsibility that is all too often overlooked or given short shrift in our ongoing race to get timing closure, first silicon, working prototypes, and volume shipments.


latest news

April 17, 2014

Tanner EDA Announces All-New Digital Place and Route Tool in Release v16.1 of HiPer Silicon Design Suite

17V, 2.25MHz, Synchronous Step-Down Regulator Delivers 2A & Requires Only 3.5µA of Quiescent Current

April 16, 2014

ATopTech’s Aprisa and Apogee Physical Implementation Tools Certified by TSMC for V1.0 16nm FinFET Process

Elliptic Technologies Announces the Availability of High Performance, NIST SP 800-90 Compliant Random Number Generators

Vivado Design Suite 2014.1 Increases Productivity with Automation of UltraFast Design Methodology and OpenCL Hardware Acceleration

April 15, 2014

Agilent Technologies Announces Single-Slot Eight-Channel 8-bit PCIe Gen2 Digitizer

Flower Technology partners with EnSilica for the development of new ASIC mining solutions for scrypt-based cryptocurrencies

Google’s ATAP Group Selects Lattice FPGAs for its Project Ara Modular Smartphone Prototype

April 14, 2014

50Ω 20dB Gain Block Delivers 46dBm OIP3 & 2.6dB NF with Bandwidth from 20MHz to 2GHz

TSMC Certifies Synopsys Digital and Custom Solution for V1.0 N16 Process

Xilinx and its Ecosystem Demonstrate All Programmable Embedded Solutions for Machine Vision Applications at the AIA Vision Show 2014

April 11, 2014

Lattice Breaks the Rules with ECP5 FPGA Family for High-Volume Small-Cell, Microserver, Broadband Access & Video Applications

New eBook explains faster parallel programming of memories via JTAG on manufacturing lines

Dual Multi-Topology DC/DC Converters with 50V, 2A Internal Switches

April 08, 2014

QuickLogic Announces Sensor Hub IDE and Development Board for Rapid Customization


“Softly” Defined Networks

Xilinx Punches Up the Programmability

by Kevin Morris

Exposed by Tools

The Dark Side of Reporting Features

by Bryon Moyer

Augmented Reality

A Compelling Mobile Embedded Vision Opportunity

by Tom Wilson, Brian Dipert, Marco Jacobs, Tim Droz

Board Revolution

Part 2 - Mentor Xpedition

by Kevin Morris


Editors' Blog

Moving Back to Software

posted by Bryon Moyer

TI’s new substation collaboration allows a software solution to replace hardware – the reverse of what typically happens as a market matures. What’s up with that? (9-Apr)

Ban Power Consumption

posted by Bryon Moyer

When you think about it, “power consumption” makes no sense as a concept. This is for those of you that like to choose your words precisely. (26-Mar)

Smoother IP to SoC Prototyping

posted by Bryon Moyer

Some folks have to prove out IP; others have to integrate IP into an SoC. And some people or groups do both, first building IP and then using it. Prototyping just got easier for that scenario. (4-Feb)

An Anti-Security Tool for Gray Hats

posted by Bryon Moyer

While many of you are working hard to build and improve system security, you are in a race. But I guess you knew that… (22-Aug)

It’s the Details

posted by Bryon Moyer

You can have groundbreaking fundamental technology and still fail due to the details. (9-Jul)


forum

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 2:19 PM by TotallyLost

Now if you would like a healthy chill in your spine about client and server side security, consider the following attack that is likely to show up in the wild soon, simply because of how easy/effective it is.

Since IT folks and customers have become VM…

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 11:46 AM by TotallyLost

Bruce ... I agree that authentication can be dramatically improved .... however that is less than 1% of the real problem when the base computing platform and environment is not secure.

Securing that is neither easy nor likely, so normal everyday users …

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 11:31 AM by kleinman

John--

This has been a good & healthy bit of "argy bargy", thank you!

You've pointed out some good items and raised awareness that users need to take greater responsibility [a] for client-side security and [b] to 'vote' with their business for gre…

Heartbleed: Serious Security Vulnerability

Posted on 04/16/14 at 11:09 AM by TotallyLost

The answer to "how would you improve internet security" ... don't use it, or any computer connected to the internet, to process or store data that you cannot risk being compromised.

I have held DOD security clearances, and managed secure data centers,…
