Heartbleed hacker arrested, charged in connection to malicious bug exploit

Kent Sharkey

Ars Technica[^]:

Computer science student is first arrest in relation to vulnerability.

One down, who knows how many to go

David Cunningham

Looks like someone who was just fooling around to see if the bug was real, I bet a lot of people did the same without realizing they were truly doing something illegal simply in the interests of seeing if it worked. I hope he learns a lesson without it ruining his life.

Bernhard Hiller

But the professional criminals of NSA & Co won't be arrested...

Rob Grainger

I hope they catch some serious flak for this one - ignoring a critical vulnerability like this for 2 years so they could exploit it put many individuals and business' data at risk. I doubt it though, NSA/GHCQ seem to have carte blanche to do whatever they want in the interest of "National Security".

"If you don't fail at least 90 percent of the time, you're not aiming high enough." Alan Kay.

Cristian Amarie

"Illegal" ? It's not that you gained access to the remote system, execing remote commands, and (optionally) profit from this. I brought down the city hall server testing the same vulnerability. Imagine this conversation: Client: 00 18 00 13 31 00 Server: here's my apache and PHP loader, take a handle to apache and maybe grab some url with user/pass in clear Client: Ha? What's next? Send a PNG with vulnerability and read memory of shell32.dll? Oh, it has been done already. I think the term hacker is used every time one have XP installed with empty password and green grass as wallpaper. It's not that the guy was pumping day and night fragments to the server in order to make the server bonk. Even so, it's the server's problem. At least, this is how I see things.