Heartbleed OpenSSL Vulnerability

The cluster discusses the Heartbleed bug in OpenSSL, its discovery after years in the codebase, catastrophic impact, patching, and use as an example of open-source security failures and auditing challenges.

📉 Falling 0.5x · Security
Comments: 1,548
Years Active: 19
Top Authors: 5
Topic ID: #5443

Activity Over Time

2008: 6
2009: 5
2010: 6
2011: 9
2012: 10
2013: 17
2014: 696
2015: 145
2016: 111
2017: 76
2018: 65
2019: 64
2020: 54
2021: 57
2022: 79
2023: 50
2024: 39
2025: 55
2026: 4

Keywords

DNS KLEE YouTube CVE TLS CCS NSA IP JFC EFF heartbleed openssl bug vulnerability ssl heartbeat affected memory attacker log

Sample Comments

verbify • Oct 16, 2016

We had access to openssl code, and yet heartbleed happened.

nurettin • Jan 22, 2025

Heartbleed has been patched, so unless you know a serious attack vector, I'm not sure where this is going.

yuhong • May 24, 2015

But given Heartbleed, OpenSSL CCS, etc...

koliber • Jul 19, 2024

Don't forget heartbleed, a vulnerability in OpenSSL, the software that secures pretty much everything.

dewey • Jan 29, 2019

Remember OpenSSL / Heartbleed etc?

0x0 • Jan 12, 2016

Like heartbleed, gotofail, or the debian ssl entropy bug? :)

ddebernardy • May 19, 2019

OpenSSL (before HeartBleed) springs to mind. https://news.ycombinator.com/item?id=7640378

userbinator • Sep 12, 2023

What practically exploitable attacks have shown up in OpenSSL over the years, with the exception of Heartbleed?

itsTyrion • Apr 19, 2024

Heartbleed was a decade ago? JFC I'm getting old

bastawhiz • Jan 20, 2018

Heartbleed was in OpenSSL for years before it was discovered. It was readily auditable with plenty of docs and specs and yet nobody noticed.