The Apache “Optionsbleed” security hole explained [VIDEO]

Yesterday, we wrote about a new Heartbleed-like vulnerability in the Apache web server.

The new security hole can be triggered by a special sort of web request called OPTIONS, and it can leak, or “bleed”, data that isn’t supposed to be revealed…

…thus the name Optionsbleed.

(If one leakage is an optionsbleed, we don’t know what two of them are called: optionsbleeds, perhaps?)

Although the bug isn’t as dramatic or quite as dangerous as Heartbleed, it’s still a security vulnerability.

And any vulnerability by which you could give away data that you are supposed to keep private is a risk to your reputation, if not to your users.

We were asked if we could describe and discuss this bug in a short Facebook Live video, for those who find verbal explanations of technical topics easier to follow than dense written coverage.

So we did:

(Can’t see the video directly above this line? Watch on Facebook instead.)
