My WordPress installation sent me an email this morning, saying I was the only person with a blog who hadn’t written about heartbleed, and I only have one thing to add, really.
Heartbleed describes a bug in OpenSSL, most succinctly explained by the xkcd: Heartbleed Explanation comic. It’s a routine programming bug, but the incomprehensible aspect is that the OpenSSL authors actively worked around system mallocs and rolled their own: to make you vulnerable that much faster (“exploit mitigation countermeasures”). Other bugs that have been logged for years are presumably being reviewed. Nothing new to add there.
But I say that critical infrastructure exploits should all have better names, though ‘heartbleed’ isn’t bad — a heartbeat function that bleeds information. But instead of rolling your own, or going by generic CVE entries, we should pre-allocate alphabetical names, like they do for hurricanes. Except I’d name them after waitresses, not just generic female names. So, instead of ‘heartbleed’ we’d start with ‘Amanda.’
- Amanda (one of my favorite waitresses).
- Betty (I don’t know a waitress named Betty, but I imagine she’d be really good).
- Chelsea (who isn’t a waitress any more; she’s a parole officer).
- Dotty (Like Betty, I don’t know a waitress named Dotty. I bet Dotty’s a good waitress, but not as good as Betty).
- and so on.
Everyone could have action plans and themed PowerPoint templates ready. Next critical infrastructure bug? Pull out the “Torie” slides, and Bob’s your uncle. That’s all I have to say. Thanks.