CEO/Founder of CloudFlare thinks HTTPS is over UDP

[Exelion]

http://i.imgur.com/3gQIDqx.png

https://twitter.com/eastdakota/statu...82082380611584

"Want more terrible #heartbleed news? Probably can be used as a massive DDoS application vector. Yay!"

"it's just a UDP request."

"let's not talk about this over a public channel and hope that I'm wrong."

 

[kaniini]

Doesn't really surprise me given what else we've seen out of Cloudflare... they are in many ways the scummiest of the anti-DDoS scum.

 

[KuJoe]

I understand that CEOs are supposed to be experts about everything but sometimes they aren't. I know, it sucks to hear.

I'm surprised his Harvard Business School degree didn't teach him basic networking protocols.

[/sarcasm]

 

[iWF-Jacob]

Eh, he got it wrong but honestly it doesn't get me in a tizzy. People make mistakes, I know I for certain have made plenty of them. Just learn and move on.

For all the good CloudFlare has done (and seriously, they do some pretty cool stuff) I don't think it's worth it to bash them on such a small comment. 

 

[dano]

After reading the bio of Matt Price of Cloudflare, I'm seriously thinking his previous positions as Lawyer or Ski Instructor were more down his alley. In all honestly though, he really should know what he is talking about 100%, before he shoots off technical tweets for the world(that knows better) to laugh at.

 

[D. Strout]

No no no, he's right! HTTPS stands for HyperText TCP Protocol (Secure) - the only mistake he made was that he should have referred to HTUPS: HyperText UDP Protocol (Secure).

On a related note, visit my website: htups://www.dstrout.net/

 

[raidz]

Eh, he got it wrong but honestly it doesn't get me in a tizzy. People make mistakes, I know I for certain have made plenty of them. Just learn and move on.

For all the good CloudFlare has done (and seriously, they do some pretty cool stuff) I don't think it's worth it to bash them on such a small comment. 

Luckily its just the CEO and not an engineer. People should expect CEO's to say stupid things like this.

 

[wlanboy]

Well he is a CEO, not a CTO, so it is ok.

 

[Hxxx]

Honest mistake.

 

[WebSearchingPro]

Fear mongering I suppose, he was probably like "Hey we should say X to see if we can get some people to buy our product"

 

[drmike]

Heheh, happens to the best of us.  Question is if he is typically making these sorts of off comments..

 

[Dylan]

DTLS uses UDP.

 

[tchen]

Refers to this probably..


"Don't forget to patch DTLS against #heartbleed, reachable pre-handshake (amplification). Congrats to @CodenomiconLTD as well btw!"


- Neel Mehta


https://mobile.twitter.com/neelmehta/status/453542518584381440

 

[Dylan]

Definitely referring to that.

1. Neel Mehta (the Google Security researcher who discovered Heartbleed in the first place) sends out that tweet.

2. One of the CloudFlare guys (Nick Sullivan) replies to it.

3. Matthew Prince sends out the tweet in the OP just a couple hours after Nick's reply.

It's kind of depressing how people are so eager to pile on about how someone is wrong and must not know anything because he's "just a CEO" without taking 30 seconds to look into things.

 

[Hxxx]

I'm CEO bitch!

If you guys get the reference to the movie...

 

[GIANT_CRAB]

Guys, becareful, he has enough money to lobby HTTPS into a UDP protocol!

 

[Wintereise]

The amount of mongs who like ripping people a new one without understanding shit are way too high.

Hurr hurr.

 

[yomero]

He is right if the software using TLS is also using UDP. For example, OpenVPN.

Anyway, I don't think you can find enough instances of UDP software to run a big attack.

 

[maounique]

I think a CEO must know basics about his products. However, he must not be judged on that, but on how well the company does, because, even if he does not know he can get around people that can give advice on the technical side.

In the end, CEO is about choosing the right people and giving the right instructions as well as securing resources for those instructions to be carried out in good conditions.

 

[Tom_WebhostingUK LTD]

According to me, he is company's CEO and not CTO so we can understand it.