
Comment Re:huh (Score 1) 80

yeah, it is difficult to see how it could cost *that* much. although, I would argue that it could be a little more complicated than you mention, if you don't have a perfect inventory of all of your software and devices.

it was/is a serious enough bug that it was drop everything and start patching/mitigating the problem...since it can take time to determine if your software/devices are vulnerable, it is likely that people had to work overtime (does anyone actually get paid overtime anymore?).

it also probably meant running scans across your public IP space to see if you have anything listening that is vulnerable that you somehow missed, then tracking down exactly what that device is.

I've heard that some CAs were charging for either the revoke, or re-issue on certs as well. although I never actually confirmed that.

you then had to roll all passwords used on those devices, and any passwords that were used on external sites.

after the initial rush to patch/scan your came out that all heartbleed scanners are not accurate. so lots of people probably re-scanned with better tools.

if you work with a lot of external partners, people probably spent time scanning them as well, to see if they were still vulnerable, and reached out to them to get them to patch.

in a perfect world, a lot of the above is fairly automated...but I'd imagine most of us don't live in that perfect the above tasks take a fair amount of time, which detracts from other shows up as the cost of heartbleed. multiply that times X companies....and add in costs for consultants/contractors for some companies...and it gets to be big number.

Comment Re:Perspectives (Score 1) 782

SSH can't be proxied like SSL traffic

yep, it can. there are a few commercial fw's that do it...check out page 191 of McAfee's (.pdf) userguide

if you don't wanna read the .pdf...check here

"Put the network firewall in charge of security again with integrated comprehensive network gateway protection technology, including:

        Encrypted traffic inspection (SSH/SSL)
