On Friday Akamai published a blog post[1] indicating they were not vulnerable
to the Heartbleed attack. They patched OpenSSL to put the private key in a
separate part of memory, surrounded by guard pages. Akamai shared the patch
with the OpenSSL developers[2]. In their blog post they stated: "In our initial
assessment, we did not believe that customer private keys could have been
leaked as a result of this vulnerability;" and imply that this is the result of
their "custom secure allocation scheme."
Reception on Twitter was very positive.
The problem: Akamai's implementation doesn't work and isn't secure.
more here.......http://lekkertech.net/akamai.txt
to the Heartbleed attack. They patched OpenSSL to put the private key in a
separate part of memory, surrounded by guard pages. Akamai shared the patch
with the OpenSSL developers[2]. In their blog post they stated: "In our initial
assessment, we did not believe that customer private keys could have been
leaked as a result of this vulnerability;" and imply that this is the result of
their "custom secure allocation scheme."
Reception on Twitter was very positive.
The problem: Akamai's implementation doesn't work and isn't secure.
more here.......http://lekkertech.net/akamai.txt