HeartBleed Bug: Reliable sources (not this blog though)

Here are a few links that as of writing of this blog are considered reliable, and I write them here so that I can use this blog as a resource when I talk to people.  Reliability is NOT guaranteed, links may change over time and apparently could be exploited.  This really is a public document for my own use.

A terse governmental documentation:

• https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0160

Easier to read, but very scary:

• https://www.heartbleed.com

Another one for Linux users:

• https://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

An author offers suggestions for a fix:

• https://sqlmag.com/security/openssls-major-security-flaw-protect-your-data

As to any official Microsoft answers, statements, etc. then you will need to find another blog.  The ones I checked pretty much said that Microsoft didn’t use OpenSSL on Azure, but I am not making that statement officially, this is just research that I am doing for questions that students have asked me.