joubin jabbari

Heartbleed

You can't really be mad at a community that donates their free time to make the web a safer place. Moreover, the source to OpenSSL is OPEN. So, if you really care, go ahead and check it out. But, I wonder if this could have all been avoided with proper firewall rules.


When sending a message, the TCP header checksum fails. In school, we learn never to trust what a client gives you. All machines to a firewall are technically clients. Therefore, when a checksum fails, the firewall should drop the packet. End of story.

Am I wrong in this regard?
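As an added example (not from the post), here is the check Heartbleed actually lacked. It sits in the TLS heartbeat record (RFC 6520) rather than in the TCP header, whose checksum is valid on a Heartbleed record: the declared payload_length is compared against the record's real length, the same test a patched OpenSSL applies and that a TLS-aware firewall or IDS could apply in front of it. The record builder and the sample records are constructed fixtures for the check, not captured traffic.

```python
import struct

TLS_HEARTBEAT = 0x18          # TLS record content type for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16              # RFC 6520 requires at least 16 bytes of padding


def check_heartbeat_record(record: bytes) -> dict:
    """Validate one TLS heartbeat record the way a fixed OpenSSL does.

    The decisive test is that the declared payload_length plus the fixed
    overhead fits inside the record:
        1 (type) + 2 (payload_length) + payload_length + 16 (padding) <= length
    A record failing that test has the Heartbleed shape: the peer asks for
    more bytes back than it sent, and an unpatched server copies the
    difference out of its own heap.
    """
    if len(record) < 5:
        return {"ok": False, "reason": "truncated TLS record header"}
    content_type, _version, length = struct.unpack("!BHH", record[:5])
    body = record[5:]
    if content_type != TLS_HEARTBEAT:
        return {"ok": True, "reason": "not a heartbeat record"}
    if len(body) != length:
        return {"ok": False, "reason": "record length field disagrees with bytes on the wire"}
    if length < 1 + 2 + MIN_PADDING:
        return {"ok": False, "reason": "heartbeat body too short for header and padding"}
    hb_type, payload_length = struct.unpack("!BH", body[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        return {"ok": False, "reason": "unknown heartbeat type"}
    if 1 + 2 + payload_length + MIN_PADDING > length:
        return {"ok": False, "reason": "declared payload_length %d exceeds record (Heartbleed)" % payload_length}
    return {"ok": True, "reason": "well-formed heartbeat"}


def build_heartbeat(payload: bytes, declared_length: int = -1, version: int = 0x0302) -> bytes:
    """Construct a heartbeat request record (test fixture, not real traffic).

    declared_length defaults to the true payload length; a larger value
    reproduces the malformed shape the check above must reject."""
    if declared_length < 0:
        declared_length = len(payload)
    body = struct.pack("!BH", HB_REQUEST, declared_length) + payload + b"\x00" * MIN_PADDING
    return struct.pack("!BHH", TLS_HEARTBEAT, version, len(body)) + body


if __name__ == "__main__":
    print(check_heartbeat_record(build_heartbeat(b"ping")))
    print(check_heartbeat_record(build_heartbeat(b"ping", declared_length=0x4000)))
```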


April 07 2014

Joubin Jabbari | Github | Twitter